ps/Modules/Alkami.DevOps.Operations/Private/Get-ADUserProfileListToRemove.ps1

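function Get-ADUserProfileListToRemove {
<#
.SYNOPSIS
    Retrieves an array of CIM instance user profiles that can be removed.
.DESCRIPTION
    Starts from the profiles returned by Get-ADUserProfileList and keeps only those that pass
    every one of the following checks:
      * LocalPath is present. A profile without a path has no folder name to compare, so none of
        the checks below can vouch for it and it is never reported as removable.
      * The folder name (last '\'-separated segment of LocalPath) is not equal to any username
        returned by Get-UsernamesWithProcesses. The comparison is a case-insensitive exact match,
        not a substring match.
      * The folder name is not on the hardcoded exclusion list (SYSENG-4133).
      * LocalPath does not contain '$', in an attempt to exclude gMSA accounts.
.PARAMETER ComputerName
    The name of the server where the operation should be performed. The value is passed through
    to Get-ADUserProfileList and Get-UsernamesWithProcesses; when omitted an empty string is
    passed, and defaulting to the current host is presumably handled by those helpers.
.PARAMETER Domains
    Array of domains to process. If omitted, defaults to both CORP and FH.
.OUTPUTS
    An array of CIM instance user profile objects.
.NOTES
    The result names profiles that are candidates for deletion, so every check here is a safeguard.

    NOTE(review): accounts are matched by profile folder name, not by SID. Windows can create a
    profile folder with a suffix (for example 'name.DOMAIN') when the plain name is already taken;
    such a folder would match neither the active-user list nor the exclusion list. Confirm whether
    that case can occur on the target servers.

    NOTE(review): when Get-UsernamesWithProcesses returns nothing, the active-process check
    protects no profile. Confirm that the helper raises an error, rather than returning an empty
    list, when the process query itself fails.
#>
    [CmdLetBinding()]
    [OutputType([object[]])]
    param(
        [Parameter(Mandatory = $false)]
        [string] $ComputerName = $null,

        [Parameter(Mandatory = $false)]
        [ValidateSet('CORP', 'FH')]
        [string[]] $Domains = @('CORP', 'FH')
    )

    # Define the hardcoded list of usernames to skip per SYSENG-4133.
    $exclusionList = @(
        'appviewx-svc',
        'fh-netwrixmsa',
        'jumpbox.jenkins'
    )

    # Get the AD user profiles, then the usernames that currently own processes.
    $result = Get-ADUserProfileList -ComputerName $ComputerName -Domains $Domains
    $activeUsernames = Get-UsernamesWithProcesses -ComputerName $ComputerName

    # Single pass: the folder name is derived once per profile and all checks are applied together.
    $result = $result | Where-Object {
        $localPath = $_.LocalPath

        # Fail closed: without a path there is nothing to compare, and calling Split()/Contains()
        # on a null value would only raise an error and leave $username holding the value from a
        # previous profile.
        if ([string]::IsNullOrEmpty($localPath)) {
            return $false
        }

        $username = $localPath.Split('\')[-1]

        # -notcontains is collection membership (case-insensitive), so the folder name must equal
        # a listed name exactly. The '$' test looks at the whole path (probably gMSA).
        return (($activeUsernames -notcontains $username) -and
                ($exclusionList -notcontains $username) -and
                (-not $localPath.Contains('$')))
    }

    return $result
}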