function Get-ADUserProfileListToRemove {
    <#
    .SYNOPSIS
        Returns the CIM instance user profiles that are candidates for removal.

    .DESCRIPTION
        Starts from the profiles returned by Get-ADUserProfileList and drops every profile
        whose folder name (the last '\'-separated segment of LocalPath) equals either a
        username reported by Get-UsernamesWithProcesses or an entry in the hardcoded
        exclusion list (SYSENG-4133). Profiles whose LocalPath contains '$' are dropped as
        well, in an attempt to exclude gMSA accounts. Name comparisons are case-insensitive
        and match the whole folder name, not a substring.

    .PARAMETER ComputerName
        The name of the server where the operation should be performed. Optional; the value
        is handed unchanged to Get-ADUserProfileList and Get-UsernamesWithProcesses, which
        are expected to fall back to the current host when it is empty.

    .PARAMETER Domains
        Array of domains to process. If omitted, defaults to both CORP and FH.

    .OUTPUTS
        An array of CIM instance user profile objects.
    #>
    [CmdLetBinding()]
    [OutputType([object[]])]
    param(
        [Parameter(Mandatory = $false)]
        [string] $ComputerName = $null,

        [Parameter(Mandatory = $false)]
        [ValidateSet('CORP', 'FH')]
        [string[]] $Domains = @('CORP', 'FH')
    )

    # Accounts that must never be offered for removal, hardcoded per SYSENG-4133.
    $protectedAccounts = 'appviewx-svc', 'fh-netwrixmsa', 'jumpbox.jenkins'

    # Candidate profiles, then the usernames that currently own a process on the target.
    $candidateProfiles = Get-ADUserProfileList -ComputerName $ComputerName -Domains $Domains
    $busyAccounts = Get-UsernamesWithProcesses -ComputerName $ComputerName

    # NOTE(review): an empty or $null $busyAccounts makes the "active user" test pass for
    # every profile, so the filter fails open if the process query silently returns
    # nothing. Confirm Get-UsernamesWithProcesses raises an error on failure.
    # NOTE(review): the folder name is compared as-is. A profile folder that carries a
    # suffix (for example a domain or numeric suffix) will not equal the bare username.
    # Confirm both helpers report names in the same form.
    $removableProfiles = $candidateProfiles | Where-Object {
        $folderName = $_.LocalPath.Split('\')[-1]

        ($folderName -notin $busyAccounts) -and
        ($folderName -notin $protectedAccounts) -and
        (-not $_.LocalPath.Contains('$'))   # '$' in the path: probably a gMSA profile
    }

    return $removableProfiles
}