0 votes

Good afternoon,

I'm currently updating some of our scripts and I'm looking to have an option that deletes a user's V2 profile path when run. All the scripts I've run are based off the profile path in AD which only shows as \\server\profile$\username whereas when using Server 2008+ we have the addition of the username.V2 directory.

First, I am unable to locate a delete profile option right in Adaxes (even though there is a delete Home directory option). Second, all the scripts I've located/modified only seem to locate the standard directory rather than the .V2 directory. Please advise if there is a script or option available to complete this task, or if you need further clarification.

by (700 points)

1 Answer

0 votes
by (216k points)
Best answer

Hello,

There is no built-in action to delete a user's profile in Adaxes, but you can always use a script for this purpose. Here's a script that deletes a user's standard profile, V2 profile and V4 profile (appears in Windows 8 / Server 2012):

$profileSuffixes = @(".V2", ".V4") # TODO: modify me

# Get name of the user who invokes the script
$adminName = "$env:userdomain\$env:username"

# Function to get full access to all subdirectories in a directory
function GrantFullControlForDirectory($directoryPath, $username, $directoryWithFullPermission)
{
    if ($directoryWithFullPermission.Contains($directoryPath))
    {
        return
    }
    $directoryWithFullPermission.Add($directoryPath) | Out-Null

    $directory = Get-Item -Path $directoryPath -Force

    # Change directory owner
    $ownerAcl = New-Object "System.Security.AccessControl.DirectorySecurity"
    $ownerID = New-Object "System.Security.Principal.NTAccount" $username
    $ownerAcl.SetOwner($ownerID)

    $directory.SetAccessControl($ownerAcl)

    # Set the Full Access permission
    $directoryAcl = Get-Acl $directoryPath
    $fullPermission = New-Object "System.Security.AccessControl.FileSystemAccessRule" $userName, "FullControl","ContainerInherit, ObjectInherit", "None", "Allow"
    $directoryAcl.SetAccessRule($fullPermission)

    Set-Acl -Path $directoryPath -AclObject $directoryAcl

    $childItems = Get-ChildItem -Path $directoryPath -Force

    if($null -eq $childItems)
    {
        return
    }

    foreach($item in $childItems)
    {
        if($item -is [System.IO.DirectoryInfo])
        {
            GrantFullControlForDirectory $item.FullName $username $directoryWithFullPermission
        }
    }
}

# Function to get full access to all files in a directory
function GrantFullControlForFiles($directoryPath, $username)
{
    # Get full access to all files in the directory
    $allFilePaths = [System.IO.Directory]::GetFiles($directoryPath,"*","AllDirectories")
    foreach($filePath in $allFilePaths)
    {
        $file = Get-Item -Path $filePath -Force

        # Change owner
        $ownerAcl = New-Object "System.Security.AccessControl.FileSecurity"
        $ownerID = New-Object "System.Security.Principal.NTAccount" $username
        $ownerAcl.SetOwner($ownerID)

        $file.SetAccessControl($ownerAcl)

        # Set Full Access permission
        $fileAcl = Get-Acl $filePath
        $fullPermission = New-Object "System.Security.AccessControl.FileSystemAccessRule" $username, "FullControl", "Allow"
        $fileAcl.SetAccessRule($fullPermission)

        Set-Acl -Path $filePath -AclObject $fileAcl
    }
}

# Get profile path from AD
$profilePaths = @()
try
{
    $profilePath += $Context.TargetObject.Get("profilePath")
    $profilePaths += $profilePath
}
catch
{
    $Context.LogMessage("No profile path specified", "Information") # TODO: modify me
    return
}

# Also check profile paths with suffixes (V2 and V4 profiles)
foreach ($suffix in $profileSuffixes)
{
    $profilePaths += "$profilePath$suffix"
}

# Remove profile folders
foreach ($profilePath in $profilePaths)
{
    if (!(Test-Path -Path $profilePath))
    {
        $Context.LogMessage("Profile '$profilePath' missing", "Information")
        continue
    }

    # Change permissions
    $directoryWithFullPermission = New-Object "System.Collections.Generic.HashSet[System.String]"
    GrantFullControlForDirectory $profilePath $adminName $directoryWithFullPermission
    GrantFullControlForFiles $profilePath $adminName

    # Remove the profile folder
    try
    {
        Remove-Item -Path $profilePath -Force -Recurse -ErrorAction Stop
        $Context.LogMessage("Profile '$profilePath' successfully removed", "Information")
    }
    catch
    {
        $Context.LogMessage($_.Exception.Message, "Error") # TODO: modify me
    }
}

To add the script to your Business Rule, Custom Command or Scheduled Task, use the Run a program or PowerShell script action.
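
The script above takes ownership of, and recursively deletes, whatever path the AD attribute holds, so a check on that path before the "Change permissions" step limits the effect of a mistyped or unexpected attribute value. The following is an added example, not part of the original answer or Adaxes' own code; the function name Test-SafeProfilePath, the $allowedRoots list and the rule that the folder is named after the logon name are assumptions.

```powershell
# Added example: validate a profile path before taking ownership and deleting it.
# Assumption: profile folders are named after the logon name, as in \\server\profile$\username.
$allowedRoots = @('\\server\profile$') # share from the question; TODO: modify me

function Test-SafeProfilePath($path, $logonName, $roots, $suffixes)
{
    if ([System.String]::IsNullOrEmpty($path)) { return $false }

    # Must be a UNC path without relative segments that could climb out of the share
    if (-not $path.StartsWith('\\')) { return $false }
    $path = $path.TrimEnd('\')
    $segments = $path.Split('\')
    if ($segments -contains '..' -or $segments -contains '.') { return $false }

    # Must sit strictly below an allowed root, never be the root itself
    $underRoot = $false
    foreach ($root in $roots)
    {
        $prefix = $root.TrimEnd('\') + '\'
        if ($path.Length -gt $prefix.Length -and
            $path.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase))
        {
            $underRoot = $true
            break
        }
    }
    if (-not $underRoot) { return $false }

    # Last segment must be the logon name, optionally followed by a known suffix
    $leaf = Split-Path -Path $path -Leaf
    $validLeaves = @($logonName) + @($suffixes | ForEach-Object { "$logonName$_" })
    if ($validLeaves -notcontains $leaf) { return $false }

    # Refuse a folder that is itself a junction or symbolic link
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item -and ($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint)) { return $false }

    return $true
}

# Constructed sample calls for a hypothetical user "jdoe"
$suffixes = @('.V2', '.V4')
Test-SafeProfilePath '\\server\profile$\jdoe.V2' 'jdoe' $allowedRoots $suffixes       # normal V2 folder
Test-SafeProfilePath '\\server\profile$' 'jdoe' $allowedRoots $suffixes               # share root itself
Test-SafeProfilePath '\\server\profile$\..\data\jdoe' 'jdoe' $allowedRoots $suffixes  # contains ".."
Test-SafeProfilePath '\\server\profile$\asmith.V2' 'jdoe' $allowedRoots $suffixes     # another user's folder
```

In the answer's script, the call belongs at the top of the `foreach ($profilePath in $profilePaths)` loop, logging a message and using `continue` when it returns `$false`.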

0

Thank you,

I'm curious if this script will run on a Remote Desktop Profile path.

I received a message stating that no path has been defined, which leads me to believe it's trying to pull from the standard profile path.

0

To make it work on the Remote Desktop Profile path instead of the normal profile path, you will need to make the following modification:

Before:

# Get profile path from AD
$profilePaths = @()
try
{
    $profilePath += $Context.TargetObject.Get("profilePath")
    $profilePaths += $profilePath
}
catch
{
    $Context.LogMessage("No profile path specified", "Information") # TODO: modify me
    return
}

After:

# Get profile path from AD
$profilePaths = @()
try
{
    $user = [ADSI] "LDAP://%distinguishedName%"
    $profilepath = $user.psbase.Invokeget("terminalservicesprofilepath")
    $profilePaths += $profilePath
}
catch
{
    $Context.LogMessage("No profile path specified", "Information") # TODO: modify me
    return
}

Softerra: Correct me if I'm wrong. :)

0

Hello,

I'm curious if this script will run on a Remote Desktop Profile path.
I received a message stating that no path has been defined, which leads me to believe it's trying to pull from the standard profile path.

Yes, the original script pulls the profile path for the standard profile, and not the Remote Desktop Settings profile.

odsven has already prompted a way to get the Remote Desktop Profile path, however it is overcomplicated and makes unnecessary calls to your Active Directory. There's a much simpler way to do this.

Find the following block in the original script:

# Get profile path from AD
$profilePaths = @()
try
{
    $profilePath += $Context.TargetObject.Get("profilePath")
    $profilePaths += $profilePath
}
catch
{
    $Context.LogMessage("No profile path specified", "Information") # TODO: modify me
    return
}

and replace it with the following:

# Get Remote Desktop Services profile path from AD
$profilePaths = @()
$profilePath = $Context.TargetObject.TerminalServicesProfilePath
if ([System.String]::IsNullOrEmpty($profilePath))
{
    $Context.LogMessage("No Remote Desktop Services profile path specified", "Information") # TODO: modify me
    return
}

$profilePaths += $profilePath
