Powershell Windows in a Domain: how to retrieve actual home directory of renamed user


Over the course of time, our organization has gone through some profile name changes (i.e. when a person marries) and there has not been a standard of also renaming the user's home directory. So we have users like MarySmith whose directories are like C:\USERS\MaryJones. No problem thus far, but now we would like to clean these up to avoid confusion. (MarySmith / MaryJones are used here for illustrative purposes only.) We are beginning to go through some security measures and elimination of this "confusion" plays a part in the process.

So our first step was to identify the cases where this has taken place. On the Domain Controllers, we issued a PowerShell command like this, for an initial Proof of Concept:

get-ADUser MarySmith -properties * | Export-CSV -path C:\SOME\PATH.csv

What we found was that there is no mention there of the MaryJones folder at all. There is a HomeDirectory property, but it's empty.

Digging a little further, in Active Directory Users and Computers (ADUC) when we pull up properties for the user, we also don't see a difference for Profile Path, Login script, Home Folder ... all empty. And yet when the user (MarySmith) logs in, the NTUSER.DAT file in C:\USERS\MaryJones gets updated.

Who can help us understand how to retrieve the correct information, and maybe along the way how Windows keeps track of the fact that those names are associated? I'm convinced if we could retrieve this association we could eliminate some problems.

Thanks, Dennis

Answer by Dennis:

Thanks to the suggestions of @Lee_Daily and @Thomas in the comments on the question, we've come up with a workable solution. (There are a few that would not translate; caught nicely by the Try/Catch. Looking into that; will update the answer when understood.)

UPDATE: The ones that would not translate were due to NTUSER.DAT files remaining on the system after their associated users had been removed from the directory.

Here are the relevant pieces of the script that we came up with:

$FOLDERS = Get-ChildItem -Path "C:\users\" -Directory
ForEach ($FOLDER in $FOLDERS) {
    $NTUSER = Join-Path $FOLDER.FullName "NTUSER.DAT"
    if (Test-Path $NTUSER) { # Profile file exists
        # Win32_UserProfile holds the SID -> LocalPath mapping for every registered profile;
        # -eq (not -like, which would treat [ ] in a path as wildcards) matches the exact folder
        $SID = (Get-CimInstance -ClassName Win32_UserProfile |
                Where-Object { $_.LocalPath -eq $FOLDER.FullName }).SID
        $USERNAME = $NULL   # reset per folder so a previous folder's result is never reused
        if ($SID) {
            $USEROBJ = New-Object System.Security.Principal.SecurityIdentifier($SID)
            try {
                # Translate throws (IdentityNotMappedException) when the SID no longer maps to an account
                $USERNAME = $USEROBJ.Translate([System.Security.Principal.NTAccount]).Value
            }
            catch [System.Exception] {
                $USERNAME = $NULL
            }
        }
        if ($USERNAME -eq $NULL) {
            Write-Host "Couldn't resolve user for $SID $($FOLDER.FullName)"
        }
        else {
            #Here we have a valid NTUSER path, and a profile name.
            #Now we can make miracles happen (placeholder for the actual cleanup step;
            #PowerShell functions take space-separated arguments, not a parenthesised list).
            A-Miracle-Happens $FOLDER.FullName $USERNAME
        }
    }
}

Thanks, Guys.
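As an added example (not the original poster's script, and not part of the question or answer above), the following goes one step further on both points raised on this page: how Windows keeps track of which folder belongs to which account, and how to separate the three cases the poster ran into (folder name matches the account, folder was left behind after a rename, NTUSER.DAT orphaned by a deleted account). The association is not stored in Active Directory at all; it lives on each machine under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList, keyed by SID, with the folder in the ProfileImagePath value (Win32_UserProfile exposes the same data). The function name Get-ProfileSidMap, the Status labels and the "name.DOMAIN"/"name.000" suffix handling are assumptions made for this illustration; run it elevated on the machine that holds the profiles.

```powershell
# Added example: enumerate the per-machine SID -> profile folder map and classify each entry.
# Not the original poster's code. Assumes: local admin rights, a reachable DC for SID translation.

function Get-ProfileSidMap {
    param(
        # Service profiles (S-1-5-18/19/20) are skipped by default; user SIDs start with S-1-5-21-
        [switch]$IncludeSystemProfiles
    )

    $profileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

    foreach ($key in Get-ChildItem -Path $profileListKey) {
        $sid = $key.PSChildName
        if (-not $IncludeSystemProfiles -and $sid -notlike 'S-1-5-21-*') { continue }

        # ProfileImagePath is the folder Windows loads NTUSER.DAT from for this SID
        $path = (Get-ItemProperty -Path $key.PSPath).ProfileImagePath
        if (-not $path) { continue }

        # SID -> DOMAIN\user. Throws IdentityNotMappedException when the account
        # has been deleted from the domain (the "orphaned NTUSER.DAT" case).
        $account = $null
        try {
            $account = ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
                [System.Security.Principal.NTAccount]).Value
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            $account = $null
        }

        $folderName = Split-Path -Path $path -Leaf
        $samName    = if ($account) { ($account -split '\\')[-1] } else { $null }

        # Windows itself appends ".DOMAIN" or ".000" when a folder name collides,
        # so treat "name" and "name.<suffix>" as matching (assumption for this example).
        $status =
            if (-not $account) { 'Orphaned' }
            elseif ($folderName -ieq $samName -or $folderName -ilike "$samName.*") { 'Match' }
            else { 'Renamed' }

        [pscustomobject]@{
            SID          = $sid
            Account      = $account
            ProfilePath  = $path
            NtUserExists = Test-Path -LiteralPath (Join-Path $path 'NTUSER.DAT')
            Status       = $status
        }
    }
}

# Usage: show only the entries that need cleanup decisions
Get-ProfileSidMap |
    Where-Object Status -ne 'Match' |
    Format-Table SID, Account, ProfilePath, NtUserExists, Status -AutoSize
```

Because the map is per machine, the script has to run on every host the user has logged on to; querying the DC, as in the question, will never show it. "Renamed" entries are the MaryJones folders the poster wants to clean up; "Orphaned" entries are the ones the poster's Try/Catch was catching. Before renaming a profile folder, remember that ProfileImagePath must be updated to match or the next logon will create a fresh profile (or a TEMP one) instead of loading the old data.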