Have a normal Windows setup where the users have a home folder on the file server? All the users are connected to their \\fileserver\home$\%username% via GPO on logon. However, we found that some of the folders had rights that were messed up. So I wrote a quick script that loops through all folders and checks if there is a user account in the domain; if not, it will move the directory to the __unconnected__ folder. For all known users it uses the cacls command to set rights for the user and admins only. If you need something else you can just edit the cacls command before you run it! Script is provided as is and feel free to modify it...
Dim path, objRoot, domainname, fso, rootFolder, folder, objShell, intRunError, found
path = InputBox("Enter path of homedirs:")

' Read the default naming context of the current domain from RootDSE
If domainname = "" Then
    Set objRoot = GetObject("LDAP://RootDSE")
    domainname = objRoot.Get("defaultNamingContext")
End If

Set fso = CreateObject("Scripting.FileSystemObject")
Set rootFolder = fso.GetFolder(path)
Set objShell = WScript.CreateObject("WScript.Shell")

' MoveFolder needs the target folder to exist
If Not fso.FolderExists(rootFolder.Path & "\__unconnected__") Then
    fso.CreateFolder rootFolder.Path & "\__unconnected__"
End If

For Each folder In rootFolder.SubFolders
    ' Look the folder name up once: 1 = account found, 0 = not found, 2 = AD error
    found = FindUser(folder.Name, domainname)
    If found = 1 Then
        WScript.Echo folder.Name & " - has a user connected! Resetting the permissions..."
        ' Path and account name are quoted so names containing spaces stay one argument
        intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls """ & folder.Path & """ /t /c /g Administrators:F ""Domain Admins"":F """ & folder.Name & """:F", 1, True)
        If intRunError <> 0 Then
            WScript.Echo folder.Name & " - ERROR assigning rights!"
        Else
            WScript.Echo folder.Name & " - Rights assigned!"
        End If
    ElseIf found = 0 Then
        If folder.Name <> "__unconnected__" Then
            WScript.Echo folder.Name & " - doesn't have a user connected! Moving to .\__unconnected__"
            fso.MoveFolder folder.Path, rootFolder.Path & "\__unconnected__\"
        End If
    Else
        WScript.Echo "ERROR: Connection to AD failed!"
    End If
Next

Set objRoot = Nothing
Set fso = Nothing
Set rootFolder = Nothing
Set objShell = Nothing

' Returns 1 if an object with this sAMAccountName exists, 0 if not, 2 on an AD error
Function FindUser(ByVal UserName, ByVal Domain)
    Dim cn, cmd, rs
    On Error Resume Next
    Set cn = CreateObject("ADODB.Connection")
    Set cmd = CreateObject("ADODB.Command")
    Set rs = CreateObject("ADODB.Recordset")
    ' Query Active Directory through the ADSI OLE DB provider
    cn.Open "Provider=ADsDSOObject;"
    Set cmd.ActiveConnection = cn
    cmd.CommandText = "SELECT ADsPath FROM 'LDAP://" & Domain & _
        "' WHERE sAMAccountName = '" & UserName & "'"
    Set rs = cmd.Execute
    If Err <> 0 Then
        FindUser = 2
        WScript.Echo "Error connecting to Active Directory Database:" & Err.Description
    ElseIf Not rs.BOF And Not rs.EOF Then
        FindUser = 1
    Else
        FindUser = 0
    End If
    cn.Close
End Function
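
A read-only audit to run before the script above, added here as an example and not part of the original post: it lists folders with no matching account and folders whose ACL differs from what the cacls command grants. It assumes the accounts live in the logged-on user's domain (`$env:USERDOMAIN`) and uses the `\\fileserver\home$` path from the post as its default; `Test-AdUser` is a helper name made up for this example.

```powershell
# Added example: read-only audit, changes nothing on disk.
param([string]$HomeRoot = '\\fileserver\home$')   # share name taken from the post

# Principals the cacls command in the script grants, besides the user.
# Assumption: accounts live in the logged-on user's domain.
$admins = @('BUILTIN\Administrators', "$env:USERDOMAIN\Domain Admins")

function Test-AdUser([string]$Sam) {
    # Escape LDAP filter metacharacters (RFC 4515), backslash first,
    # so an odd folder name cannot change the meaning of the filter.
    $safe = $Sam.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $searcher = [adsisearcher]"(sAMAccountName=$safe)"
    return [bool]$searcher.FindOne()
}

Get-ChildItem -LiteralPath $HomeRoot -Directory |
    Where-Object { $_.Name -ne '__unconnected__' } |
    ForEach-Object {
        $name = $_.Name
        if (-not (Test-AdUser $name)) {
            [pscustomobject]@{ Folder = $name; Finding = 'no matching account'; Detail = '' }
            return   # continue with the next folder
        }
        # What the script would grant on this folder: admins plus the owner.
        $expected = $admins + "$env:USERDOMAIN\$name"
        $granted = (Get-Acl -LiteralPath $_.FullName).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' } |
            ForEach-Object { $_.IdentityReference.Value } |
            Sort-Object -Unique
        $extra   = @($granted  | Where-Object { $expected -notcontains $_ })
        $missing = @($expected | Where-Object { $granted  -notcontains $_ })
        if ($extra)   { [pscustomobject]@{ Folder = $name; Finding = 'unexpected entry'; Detail = $extra -join '; ' } }
        if ($missing) { [pscustomobject]@{ Folder = $name; Finding = 'missing entry'; Detail = $missing -join '; ' } }
    }
```

The output is a stream of objects, so it can be piped to `Export-Csv` and reviewed before any folder is moved or re-permissioned.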