pwsh

1. Function Get-SidToUser {
2. param (
3. [parameter(Mandatory=$true)]
4. [String]$SID
5. )
6. $ad = [adsi]"LDAP://<SID=$SID>"
7. $UserID = $ad.sAMAccountName
8. $UserName = $ad.Name
9. if ($UserID) {
10. $obj = [PSCustomObject]@{UserID = $UserID ; Name = $UserName}
11. return $obj
12. } else {
13. throw "Invalid SID."
14. }
15. }
16.  
17. Function Write-ArrayToTable{
18. param(
19. [String[]]$Names,
20. [Object[][]]$Data
21. )
22. $myProps = for($i = 0;; ++$i){
23. $Props = [ordered]@{}
24. for($j = 0; $j -lt $Data.Length; ++$j){
25. if($i -lt $Data[$j].Length){
26. $Props.Add($Names[$j], $Data[$j][$i])
27. }
28. }
29. if(!$Props.get_Count()){
30. break
31. }
32. [PSCustomObject]$Props
33. }
34. $myProps | Format-Table
35. }
36.  
37. Function Read-YesNo {
38. param(
39. [String]$Title="Confirmation needed.",
40. [String]$Message="Are you sure?"
41. )
42.  
43. $choiceYes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", "Answer Yes."
44. $choiceNo = New-Object System.Management.Automation.Host.ChoiceDescription "&No", "Answer No."
45. $options = [System.Management.Automation.Host.ChoiceDescription[]]($choiceYes, $choiceNo)
46. $result = $host.ui.PromptForChoice($title, $message, $options, 1)
47. switch ($result) {
48. 0 {
49. return $true
50. }
51. 1 {
52. return $false
53. }
54. }
55. }
56.  
57. $IgnoredAccounts = @($env:UserName,'Public','default','administrator', `
58. 'technology','tech','tech2','cnb')
59.  
60. Write-Host
61. $Computer = Read-Host -Prompt "Enter the computer name"
62.  
63. if (Test-Connection -ComputerName $Computer -Quiet) {
64.  
65. [System.Collections.ArrayList]$BadProfiles = @()
66. [System.Collections.ArrayList]$RemovedProfiles = @()
67. [System.Collections.ArrayList]$LockedProfiles = @()
68.  
69. [System.Collections.ArrayList]$objBadProfiles = @()
70.  
71. [System.Collections.ArrayList]$tmp = @()
72.  
73. $Profiles = Get-CimInstance Win32_UserProfile -ComputerName $Computer -ea 0 `
74. | Where-Object { !($_.Special) } `
75. | Where-Object { $_.LocalPath.split('\')[-1] -notin $IgnoredAccounts }
76.  
77. foreach ($profile in $Profiles) {
78. try {
79. $objSID = $profile.SID
80. $objUser = Get-SidToUser -SID $objSID
81. }
82. # SID not found in AD. Add to BadProfiles array.
83. catch {
84. $err = $_.Exception
85. $BadProfiles.Add($profile.LocalPath) > $null
86.  
87. # If profile is locked, add to LockedProfiles array.
88. if ($profile.Loaded -eq $true) {
89. $LockedProfiles.Add($profile.LocalPath) > $null
90. } else {
91. $objBadProfiles.Add($profile) > $null
92. }
93. }
94. }
95.  
96. # Print results
97. if ($BadProfiles.Count -gt 0) {
98. Write-ArrayToTable "Bad Profiles", "Locked Profiles" $BadProfiles, $LockedProfiles | Format-Table
99. } else {
100. Write-Host
101. Write-Host "No bad profiles found on $($Computer.ToUpper())." -ForegroundColor Yellow
102. Write-Host
103. Read-Host "Press enter to exit"
104. exit 0
105. }
106.  
107. $result = Read-YesNo -Title "" -Message "Remove all unlocked bad profiles?"
108. if ($result -eq $true) {
109. foreach ($profile in $objBadProfiles) {
110. Write-Host
111. Write-Host "Removing profile:"
112. Write-Host $profile.LocalPath
113. $profile | Remove-CimInstance
114. $RemovedProfiles.Add($profile.LocalPath) > $null
115. }
116. if ($RemovedProfiles.Count -gt 0) {
117. Write-ArrayToTable "Removed Profiles","tmp" $RemovedProfiles,$tmp
118. } else {
119. Write-Host
120. Write-Host "No profiles removed." -ForegroundColor Yellow
121. Write-Host
122. }
123. Read-Host "Press enter to exit"
124. }
125. else {
126. Write-Host
127. Write-Host "No profiles removed." -ForegroundColor Yellow
128. Write-Host
129. Read-Host "Press enter to exit"
130. exit 0
131. }
132. } else {
133. Write-Host
134. Write-Host "ERROR: $Computer is not accessible." -ForegroundColor Red
135. Read-Host "Press enter to exit"
136. exit 1
137. }
138.