Get-UserProfile

1. function Get-UserProfile{
2.         <#
3.         .SYNOPSIS
4.             Use WMI to query a computer about local profiles on the machine
5.         .Description
6.             This Fucntion is used to get information about local profiles on a computer. This will return information about any local profile, including the local cache of the domain accounts. By default returns the SID, Local path, and Last Use Time of the account; the -verbose flag can be used to return additional information.
7.         .PARAMETER UserID
8.             UserID to search for. If left blank will default to all users. By default UserID must match exactly, but you can use the wildcard '%' to perform more general seraches
9.         .PARAMETER Computer
10.             Computer to query for user accounts. Leaving Blank will default to 'localhost'.
11.         .PARAMETER ExcludeSystemAccounts
12.             Filters out System accounts (e.g. System, Network Service). This is done by looking at the 'special' property, which does not filter out users non-windows programs may create.
13.         .PARAMETER OnlyLoaded
14.             Setting this parameter shows only profiles that are currently in Use -- Combine with -ExcludeSystemAccounts and you can get a pretty good idea of who is currently logged into a machine.
15.         .PARAMETER ExcludeLoaded
16.             Returns only user profiles that are not currently in use. This is useful if you need to clear out profiles.
17.         .PARAMETER Verbose
18.             Returns Full user porfile data, rather than the default SID,LocalPath,LastUseTime
19.         .PARAMETER OlderThan
20.             Filter Results based on datetime. This requires a datetime object
21.         .Example
22.             Get-UserProfile -UserID MyUser
23.             Basic usage to see if the user "MyUser" exists on the local machine.
24.         .Example
25.             Get-UserProfile -Computer RDSServ1.mydomain.com
26.             Lists all user Profiles from remote computer "RDSServ1.mydomain.com"
27.         .Example
28.             Get-UserProfile -Computer RDSServ1.mydomain.com -ExcludeSystemAccounts -OnlyLoaded
29.             Lists non-system user profiles from remote computer currently marked as loaded. This gives a pretty good idea of who is currently logged into a remote machine.
30.         .Example
31.             Get-UserProfile -OlderThan $((get-date).adddays(-14))
32.             Lists user profiles that have not been used on the localhost in 14 days.
33.         .Notes
34.             Author: Keith Ballou
35.             Date: Oct 15, 2014
36.  
37.             This Script Relies on Convert-UTCtoDateTime -- A function for converting UTC strings to DateTime Objects
38.  
39.  
40.     #>
41.     [CmdletBinding()]
42.       param(
43.      [Parameter(Mandatory=$False)][string]$UserID="%",
44.      [Parameter(Mandatory=$False)][string]$Computer="LocalHost",
45.      [Parameter(Mandatory=$False)][switch]$ExcludeSystemAccounts,
46.      [Parameter(Mandatory=$False)][switch]$OnlyLoaded,
47.      [Parameter(Mandatory=$False)][switch]$ExcludeLoaded,
48.      [Parameter(Mandatory=$False)][datetime]$OlderThan  
49.      
50.     )
51. if(!(Get-Command Convert-UTCtoDateTime -ErrorAction SilentlyContinue)){
52.     write-host -BackgroundColor "Black" -ForegroundColor "Red" "################################################################################"
53.     write-host -BackgroundColor "Black" -ForegroundColor "Red" "#                                                                               "
54.     write-host -BackgroundColor "Black" -ForegroundColor "Red" "This Program Requires cmdlet ""Convert-UTCtoDateTime""                          "
55.     write-host -BackgroundColor "Black" -ForegroundColor "Red" "Find it here:                                                                   "
56.     write-host -BackgroundColor "Black" -ForegroundColor "Red" "http://pastebin.com/SSKJ4bwt                                                    "
57.     write-host -BackgroundColor "Black" -ForegroundColor "Red" "#                                                                               "
58.     write-host -BackgroundColor "Black" -ForegroundColor "Red" "################################################################################"
59.     break;
60. }
61. if($Computer.ToLower() -eq "localhost"){
62.    
63.    
64.     $Return = Get-WmiObject -Query "Select * from win32_userprofile where LocalPath like '%\\$UserID'"
65.    
66.  
67. }
68. else{
69.     $Return = get-wmiobject -ComputerName $Computer -Query "Select * from win32_userprofile where LocalPath like '%\\$UserID'"
70. }
71.  
72. #Filter System Accounts
73. if($ExcludeSystemAccounts){
74.     $Return = $Return | Where-Object -Property Special -eq $False
75. }
76. #Filter out Loaded Accounts
77. if($ExcludeLoaded){
78.     $Return = $Return | Where-Object -Property Loaded -eq $False
79. }
80. #Filter otherthan loaded accounts
81. if($OnlyLoaded){
82.     $Return = $Return | Where-Object -Property Loaded -eq $True
83. }
84.  
85. #Filter on lastusetime
86. if([bool]$OlderThan){
87. $Return | Where-Object -property LastUseTime -eq $Null | % {Write-Host -BackgroundColor "Black" -ForegroundColor "Yellow" $_.LocalPath " Has no 'LastUseTime', omitting" }
88. $Return = $Return | Where-Object -property LastUseTime -ne $Null
89. $Return = $Return | Where-Object {$(Convert-UTCtoDateTime $_.LastUseTime -ToLocal) -lt $OlderThan }
90. }
91.  
92. if($PSBoundParameters['Verbose'])
93. {
94. Write-Output $Return
95. }
96. else{
97.  Write-Output $Return | Select SID,LocalPath,@{Label="Last Use Time";Expression={Convert-UTCtoDateTime $_.LastUseTime -ToLocal}}    
98. }
99.  
100. }