Making a sanity check in powershell. Seeing if refcount is non-zero but the user is logged out. I take out the "DOMAIN\" part of the user. I wish the logon denials were logged when auditing is turned on.
# profilecheck.ps1
function sid2user {
param($id)
$SID = New-Object System.Security.Principal.SecurityIdentifier($id)
$objUser = $SID.Translate([System.Security.Principal.NTAccount])
$objUser.Value -replace 'DOMAIN\\'
}
$qusers = quser
get-itemproperty HKLM:\SOFTWARE\Microsoft\Windows` NT\CurrentVersion\ProfileService\References\* refcount |
select @{n='Sid';e={$_.pschildname}},
@{n='User';e={sid2user $_.pschildname}},
@{n='Refcount';e={$_.refcount[0]}},
@{n='LoggedOut';e={-not [bool]($qusers|select-string (sid2user $_.pschildname))}}
# end profilecheck.ps1
$avd = 0..4 | % tostring avd-0
icm $avd profilecheck.ps1 | ? refcount | ? loggedout | ft
Sid User Refcount LoggedOut PSComputerName RunspaceId
--- ---- -------- --------- -------------- ----------
S-2-6-31-1423303271-3025932689-4187700767-524288 abc123 3 True AVD-3 84594543-d151-53ee-ca1e-ec8a5186ca22