Hi,

There's a nice module on the Technet Gallery for this.

https://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85

It has the following command documented:

    dir -Recurse | Get-OrphanedAce | Remove-Ace

On Wed, Apr 22, 2015 at 8:43 PM, Michael Leone <[email protected]> wrote:
> So we have a file server, whose main function is to hold user home
> folders. Now, when users leave the company, we have a protocol to use
> (disable user in AD; move to special OU; every few months, we delete
> those accounts of ex-employees). What we don't seem to do is do
> anything with the user's home folder. So I end up with folders that
> have ACLs that still point to non-existent SIDs. And I want to
> enumerate these, so I can make a special backup, then delete these
> folders, for space reasons.
>
> I know I can do:
>
> $ACL = Get-ACL <filepath>
> $ACL.Access | Select-Object -ExpandProperty IdentityReference
>
> and it lists just the user/group that has access. And one is just a
> SID, of course, because the AD account has been deleted.
>
> So what I need to do is produce a report of all folders that have just
> a bare SID in the ACL. (eventually, we will take ownership of said
> folder, and then move the contents to a special folder; back it up;
> then delete it).
>
> So what would be the best way to do this - get a list of folders with
> a bare SID? Is what I show above a good way (with a WHERE clause,
> etc), or is there a better way?
>
> Thanks
>
>
> ================================================
> Did you know you can also post and find answers on PowerShell in the
> forums?
> http://www.myitforum.com/forums/default.asp?catApp=1
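
One way to build the report asked for above with only built-in cmdlets and .NET classes, as an added example that is not part of the original thread and is not the gallery module's code. It reads each ACL as raw SIDs and reports the ones that no longer translate to an account; `$HomeRoot`, `$ReportPath` and the function name `Get-UnresolvedSidAce` are hypothetical.

```powershell
# Added example. $HomeRoot and $ReportPath are placeholder values (assumptions).
$HomeRoot   = 'D:\Home'                      # parent folder of the user home folders
$ReportPath = '.\orphaned-sid-folders.csv'   # where the report is written

function Get-UnresolvedSidAce {
    param([Parameter(Mandatory)][string]$Path)

    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # Access denied or a vanished folder should not stop the whole report.
        Write-Warning "Cannot read ACL on ${Path}: $($_.Exception.Message)"
        return
    }

    # Request the rules as SIDs, so the check does not depend on how
    # IdentityReference happens to be displayed (name vs. bare SID).
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference

        # Only account SIDs (S-1-5-21-...) can be orphaned by a deleted
        # user or group; skip well-known SIDs such as SYSTEM or Everyone.
        if ($sid.Value -notlike 'S-1-5-21-*') { continue }

        try {
            [void]$sid.Translate([System.Security.Principal.NTAccount])
        } catch [System.Security.Principal.IdentityNotMappedException] {
            # No account maps to this SID any more: report the entry.
            [pscustomobject]@{
                Folder    = $Path
                Sid       = $sid.Value
                Rights    = $rule.FileSystemRights
                Type      = $rule.AccessControlType
                Inherited = $rule.IsInherited
            }
        }
    }
}

# One level deep: each child of $HomeRoot is treated as one home folder.
Get-ChildItem -LiteralPath $HomeRoot -Directory |
    ForEach-Object { Get-UnresolvedSidAce -Path $_.FullName } |
    Export-Csv -Path $ReportPath -NoTypeInformation
```

The report is read-only and changes no ACLs. A SID from a trusted domain that cannot be reached at run time also fails to translate, so confirm the account is really gone before backing up and deleting a folder.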
