Deletion of V2 profile directory

Good afternoon,

I'm currently updating some of our scripts and I'm looking to have an option that delete's a users V2 profile path when run. All the scripts I've run are based off the profile path in AD which only shows as \\server\profile$\username where as when using Server 2008+ we have the addition of the username.V2 directory.

First I am unable to locate a delete profile option right in Adaxes (even though there is a delete Home directory option). Second all the scripts I've located/modified only seem to locate the standard directory rather than the .V2 directory. Please advise if there is a script or option available to complete this task, or if you need further clarification.

by (720 points)

1 Answer

by (216k points)
Best answer
0 votes

Hello,

There is no built-in action to delete a user's profile in Adaxes, but you can always use a script for this purpose. Here's a script that deletes a user's standard profile, V2 profile and V4 profile (appears in Windows 8 / Server 2012):

$profileSuffixes = @(".V2", ".V4") # TODO: modify me

# Get name of the user who invokes the script
$adminName = "$env:userdomain\$env:username"

# Function to get full access to all subdirectories in a directory
function GrantFullControlForDirectory($directoryPath, $username, $directoryWithFullPermission)
{
    if ($directoryWithFullPermission.Contains($directoryPath))
    {
        return
    }
    $directoryWithFullPermission.Add($directoryPath) | Out-Null

    $directory = Get-Item -Path $directoryPath -Force

    # Change directory owner
    $ownerAcl = New-Object "System.Security.AccessControl.DirectorySecurity"
    $ownerID = New-Object "System.Security.Principal.NTAccount" $username
    $ownerAcl.SetOwner($ownerID)

    $directory.SetAccessControl($ownerAcl)

    # Set the Full Access permission
    $directoryAcl = Get-Acl $directoryPath
    $fullPermission = New-Object "System.Security.AccessControl.FileSystemAccessRule" $userName, "FullControl","ContainerInherit, ObjectInherit", "None", "Allow"
    $directoryAcl.SetAccessRule($fullPermission)

    Set-Acl -Path $directoryPath -AclObject $directoryAcl

    $childItems = Get-ChildItem -Path $directoryPath -Force

    if($childItems -eq $NULL)
    {
        return
    }

    foreach($item in $childItems)
    {
        if($item -is [System.IO.DirectoryInfo])
        {
            GrantFullControlForDirectory $item.FullName $username $directoryWithFullPermission
        }
    }
}

# Function to get full access to all files in a directory
function GrantFullControlForFiles($directoryPath, $username)
{
    # Get full access to all files in the directory
    $allFilePaths = [System.IO.Directory]::GetFiles($directoryPath,"*","AllDirectories")
    foreach($filePath in $allFilePaths)
    {
        $file = Get-Item -Path $filePath -Force

        # Change owner
        $ownerAcl = New-Object "System.Security.AccessControl.FileSecurity"
        $ownerID = New-Object "System.Security.Principal.NTAccount" $username
        $ownerAcl.SetOwner($ownerID)

        $file.SetAccessControl($ownerAcl)

        # Set Full Access permission
        $fileAcl = Get-Acl $filePath
        $fullPermission = New-Object "System.Security.AccessControl.FileSystemAccessRule" $username, "FullControl", "Allow"
        $fileAcl.SetAccessRule($fullPermission)

        Set-Acl -Path $filePath -AclObject $fileAcl
    }
}

# Get profile path from AD
$profilePaths = @()
try
{
    $profilePath += $Context.TargetObject.Get("profilePath")
    $profilePaths += $profilePath
}
catch
{
    $Context.LogMessage("No profile path specified", "Information") # TODO: modify me
    return
}

# Also check profile paths with suffixes (V2 and V4 profiles)
foreach ($suffix in $profileSuffixes)
{
    $profilePaths += "$profilePath$suffix"
}

# Remove profile folders
foreach ($profilePath in $profilePaths)
{
    if (!(Test-Path -Path $profilePath))
    {
        $Context.LogMessage("Profile '$profilePath' missing", "Information")
        continue
    }

    # Change permissions
    $directoryWithFullPermission = New-Object "System.Collections.Generic.HashSet[System.String]"
    GrantFullControlForDirectory $profilePath $adminName $directoryWithFullPermission
    GrantFullControlForFiles $profilePath $adminName

    # Remove the profile folder
    try
    {
        Remove-Item -Path $profilePath -Force -Recurse -ErrorAction Stop
        $Context.LogMessage("Profile '$profilePath' successfully removed", "Information")
    }
    catch
    {
        $Context.LogMessage($_.Exception.Message, "Error") # TODO: modify me
    }
}

To add the script to your Business Rule, Custom Command or Scheduled Task, use the Run a program or PowerShell script action.

by (720 points)
0

thank you,

I'm curious if this script will run on an Remote Desktop Profile path

I received a message stating that no path has been defined, which leads me to believe it's trying to pull from the standard profile path.

by (1.8k points)
0

To make it work on Remote Desktop Profile path instead of the normal profile path you will need to do the following modification:

Before:

# Get profile path from AD
$profilePaths = @()
try
{
    $profilePath += $Context.TargetObject.Get("profilePath")
    $profilePaths += $profilePath
}
catch
{
    $Context.LogMessage("No profile path specified", "Information") # TODO: modify me
    return
}

After: 

# Get profile path from AD
$profilePaths = @()
try
{
    $user = [ADSI] "LDAP://%distinguishedName%"
    $profilepath = $user.psbase.Invokeget("terminalservicesprofilepath")
    $profilePaths += $profilePath
}
catch
{
    $Context.LogMessage("No profile path specified", "Information") # TODO: modify me
    return
}

Softerra: Correct me if im wrong. :)

by (216k points)
0

Hello,

I'm curious if this script will run on an Remote Desktop Profile path
I received a message stating that no path has been defined, which leads me to believe it's trying to pull from the standard profile path.

Yes, the original script pulls the profile path for the standard profile, and not the Remote Desktop Settings profile.

odsven has already prompted a way to get the Remote Desktop Profile path, however it is overcomplicated and makes unnecessary calls to your Active Directory. There's a much simpler way to do this.

Find the following block in the original script: 

# Get profile path from AD
$profilePaths = @()
try
{
    $profilePath += $Context.TargetObject.Get("profilePath")
    $profilePaths += $profilePath
}
catch
{
    $Context.LogMessage("No profile path specified", "Information") # TODO: modify me
    return
}

and replace it with the following: 

# Get Remote Desktop Services profile path from AD
$profilePaths = @()
$profilePath = $Context.TargetObject.TerminalServicesProfilePath
if ([System.String]::IsNullOrEmpty($profilePath))
{
    $Context.LogMessage("No Remote Desktop Services profile path specified", "Information") # TODO: modify me
    return
}

$profilePaths += $profilePath

Related questions

Automation of deletion of Home Directory and Folder Redirect

Good Morning, I've been working through some of my processes and I'm not looking to make sure the deletion of Home directories (both remote and standard) as well as ... for user deletion. If there are any questions or clarification needed, please let me know.

asked Oct 16, 2015 by jtop (720 points)
0 votes
1 answer
Automating Home Directory and Profile paths

Hello, We are evaluating Adaxes as a replacement for our existing AD management interface. As a result, we are looking at how Adaxes can simulate or replicate the ... more than happy to provide further information if required. regards and thanks, Jay Paterson

asked Feb 15, 2013 by jayapaterson (20 points)
0 votes
1 answer
Direct reports to new user on deletion of old user

If a user is disabled, I would like the following process to be automated: Direct reports of this disabled user (user A) are reassigned to new active user (user B) who ... is sent to User B indicating User As direct reports have been transferred to User B

asked Apr 29, 2022 by Cavolick (80 points)
0 votes
1 answer
Is there a way for Adaxes to use Microsoft 365 user profile pictures instead of having to select a file per user?

Is there a way for Adaxes to use a user's Microsoft 365 profile pictures instead of having to select a file on a per user basis?

asked Feb 1, 2024 by keneth.figueroa (20 points)
0 votes
1 answer
[Error] The requested operation is not supported by this version of the directory service.

Just installated teh latest version. [Error] The requested operation is not supported by this version of the directory service.

asked Sep 9 by hhsmith (140 points)
0 votes
0 answers