We have a normal Windows setup where each user has a home folder on the file server. All users are connected to their \\fileserver\home$\%username% via GPO at logon. However, we found that some of the folders had rights that were messed up. So I wrote a quick script that loops through all folders and checks whether there is a matching user account in the domain; if not, it moves the directory to the __unconnected__ folder. For all known users it uses the cacls command to set rights for the user and admins only. If you need something else, you can just edit the cacls command before you run it! The script is provided as is, so feel free to modify it...
Download script here:
```vbscript
Option Explicit
'ON ERROR RESUME NEXT

Dim path, objRoot, domainname, fso, rootFolder, folder, objShell, intRunError
Dim result, unconnected

path = InputBox("Enter path of homedirs:")

' Get current domain
If domainname = "" Then
    Set objRoot = GetObject("LDAP://RootDSE")
    domainname = objRoot.Get("defaultNamingContext")
End If

' Setup FSO connection
Set fso = CreateObject("Scripting.FileSystemObject")
Set rootFolder = fso.GetFolder(path)
Set objShell = WScript.CreateObject("WScript.Shell")

' Make sure the target for orphaned folders exists before anything is moved into it
unconnected = fso.BuildPath(rootFolder.Path, "__unconnected__")
If Not fso.FolderExists(unconnected) Then fso.CreateFolder unconnected

' Go through all homedir folders
For Each folder In rootFolder.SubFolders
    ' Query AD once per folder and reuse the result
    result = FindUser(folder.Name, domainname)

    If result = 1 Then
        ' Folder found, reset the permissions
        WScript.Echo folder.Name & " - has a user connected! Resetting the permissions..."
        ' Path and account name are quoted so that spaces or "&" in a folder
        ' name are not interpreted by cmd.exe
        intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls """ & folder.Path & _
            """ /t /c /g Administrators:F ""Domain Admins"":F """ & folder.Name & """:F", 1, True)
        If intRunError <> 0 Then
            WScript.Echo folder.Name & " - ERROR assigning rights!"
            WScript.Echo intRunError
        Else
            WScript.Echo folder.Name & " - Rights assigned!"
        End If
    ElseIf result = 0 Then
        ' This folder isn't connected, move it
        If folder.Name <> "__unconnected__" Then
            WScript.Echo folder.Name & " - doesn't have a user connected! Moving to .\__unconnected__"
            fso.MoveFolder folder.Path, unconnected & "\"
        End If
    Else
        WScript.Echo "ERROR: Connection to AD failed!"
    End If
Next

Set objRoot = Nothing
Set fso = Nothing
Set rootFolder = Nothing
Set objShell = Nothing

' Function to check if user exists
' Returns 1 = user found, 0 = no such user, 2 = AD query failed
Function FindUser(ByVal UserName, ByVal Domain)
    Dim cn, cmd, rs

    ' Needed so the Err check below runs instead of the script aborting
    On Error Resume Next
    Err.Clear

    Set cn = CreateObject("ADODB.Connection")
    Set cmd = CreateObject("ADODB.Command")
    Set rs = CreateObject("ADODB.Recordset")

    cn.Open "Provider=ADsDSOObject;"
    Set cmd.ActiveConnection = cn
    ' Double any single quote so a folder name cannot break out of the query literal
    cmd.CommandText = "SELECT ADsPath FROM 'LDAP://" & Domain & _
        "' WHERE sAMAccountName = '" & Replace(UserName, "'", "''") & "'"
    Set rs = cmd.Execute

    If Err.Number <> 0 Then
        FindUser = 2
        WScript.Echo "Error connecting to Active Directory Database: " & Err.Description
    ElseIf Not rs.BOF And Not rs.EOF Then
        rs.MoveFirst
        FindUser = 1
    Else
        FindUser = 0
    End If

    cn.Close
End Function
```
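Because the cacls call replaces each folder's ACL outright, a read-only pass first shows which folders actually deviate from the intended three principals. The following PowerShell is an added example, not part of the original script; it assumes the folder name equals the sAMAccountName and that `$env:USERDOMAIN` is the NetBIOS name of the users' domain, and the parameter names are hypothetical. It checks which principals are present, not the level of rights each one holds.

```powershell
# Added example: read-only audit of home-folder ACLs; changes nothing on disk.
param(
    [Parameter(Mandatory)] [string] $HomeRoot,   # hypothetical parameter, e.g. \\fileserver\home$
    [string] $Domain = $env:USERDOMAIN           # assumption: NetBIOS name of the users' domain
)

$findings = foreach ($dir in Get-ChildItem -LiteralPath $HomeRoot -Directory) {
    if ($dir.Name -eq '__unconnected__') { continue }

    # The same three principals the cacls line grants Full Control to.
    $expected = @('BUILTIN\Administrators', "$Domain\Domain Admins", "$Domain\$($dir.Name)")

    try {
        $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop
    } catch {
        # An unreadable ACL is itself a finding (the auditor has been locked out).
        [pscustomobject]@{ Folder = $dir.Name; Issue = 'ACL unreadable'; Detail = $_.Exception.Message }
        continue
    }

    $allow   = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' })
    $present = @($allow | ForEach-Object { $_.IdentityReference.Value })

    # Allow entries for anyone outside the expected set
    foreach ($ace in $allow) {
        if ($expected -notcontains $ace.IdentityReference.Value) {
            [pscustomobject]@{
                Folder = $dir.Name
                Issue  = 'Unexpected principal'
                Detail = "$($ace.IdentityReference.Value): $($ace.FileSystemRights)"
            }
        }
    }

    # Expected principals that have no allow entry at all
    foreach ($id in $expected) {
        if ($present -notcontains $id) {
            [pscustomobject]@{ Folder = $dir.Name; Issue = 'Expected principal missing'; Detail = $id }
        }
    }
}

$findings | Sort-Object Folder, Issue | Format-Table -AutoSize -Wrap
```

Entries left behind by deleted accounts appear as unexpected principals with a raw SID, because Get-Acl returns the SID string when it cannot translate it to a name.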