Hello! This is a pretty long post. Sorry. Just trying to be as detailed as possible, so when this is figured out, others who find this post later can hopefully get some answers.
I need to come up with a way to find stale users and flag their profiles for deletion from the profile server. I've done some searching around, but haven't found anything specific to my use case. We have a ton of profiles on our file server, of which an educated guess would be that 70% - 80% of them aren't used anymore. What I want to do is query the profile server for the list of users that have logged into VDI at least once, then take that list and query AD to see if their AD account still exists. If not, that's obviously a good indicator that the profile folder can be purged.
Here's where it gets tricky in my mind. Just because a user hasn't logged into a VDI session doesn't mean they haven't logged in to a machine, so I need to find a way to filter that. This is the part I am stuck on. I know I can run AD queries and show the LastLogonTime attribute of their user object, but that doesn't really mean much, since their user object will be a member of multiple groups, and again, just because they have logged into something doesn't mean they've logged into their VDI profile. I only want to target those users that haven't logged into VDI for X amount of time.
Is this something I could do inside the ADAM database with vdmadmin or vdmutil? I have looked through there and found a container named "CN=ForeignSecurityPrincipals". That container does have a bunch of SIDs in there, and if I look at the properties of each, I can see that it's the users, but unfortunately, the properties don't include "LastLogonTime". The only properties with dates in them are as follows:
In every one that I have looked at, the whenChanged property is only a few seconds different from the whenCreated. The dSCorePropagationData is the same for all the ones I have spot checked.
The nuts and bolts of my question is this:
What is going to give me the most accurate results with the highest probability of success?
Not sure if I understand completely what you want, but I see 2 possibilities here:
1) Some kind of check of the last modification date on the profile folder or on a file within that profile folder?
2) Check the Horizon Event database. You could run a query on the database for that specific type of event, group them by username and filter on date. To find the event type you need, just do a general query on the events table to find out which event would best fit your request.
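
A report-only sketch that combines the first suggestion above with the AD existence check from the question, as an added example that is not part of the original thread. The share path, the 180-day threshold, the output file name and the folder naming (sAMAccountName plus an optional `.V<n>` suffix) are assumptions; it needs the RSAT ActiveDirectory module.

```powershell
# Added example: report only, nothing is deleted.
# Assumptions: hypothetical share path; folder name = sAMAccountName plus optional ".V<n>" suffix.
Import-Module ActiveDirectory

$ProfileRoot = '\\fileserver\profiles$'      # hypothetical path
$StaleDays   = 180                           # the "X amount of time" from the question
$Cutoff      = (Get-Date).AddDays(-$StaleDays)

$report = foreach ($dir in Get-ChildItem -LiteralPath $ProfileRoot -Directory) {
    $sam = $dir.Name -replace '\.V\d+$', ''  # strip profile-version suffix, e.g. ".V6"

    # A folder's own timestamp only changes when direct children are added or removed,
    # so also check the newest top-level item (-Force includes hidden files such as NTUSER.DAT).
    $newest = Get-ChildItem -LiteralPath $dir.FullName -Force -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
    $lastWrite = $dir.LastWriteTime
    if ($newest -and $newest.LastWriteTime -gt $lastWrite) { $lastWrite = $newest.LastWriteTime }

    # Separate "account not found" from "lookup failed": a DC outage must never
    # turn every profile into a deletion candidate.
    $adState = 'Unknown'
    try {
        $user    = Get-ADUser -Identity $sam -ErrorAction Stop
        $adState = if ($user.Enabled) { 'Enabled' } else { 'Disabled' }
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        $adState = 'Missing'
    }
    catch {
        Write-Warning "AD lookup failed for '$sam': $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Folder    = $dir.FullName
        Account   = $sam
        ADState   = $adState
        LastWrite = $lastWrite
        # Candidate if the account is gone, or the lookup succeeded and the profile is older than the cutoff
        Candidate = ($adState -eq 'Missing') -or ($adState -ne 'Unknown' -and $lastWrite -lt $Cutoff)
    }
}

$report | Sort-Object LastWrite | Export-Csv -Path .\stale-profiles.csv -NoTypeInformation
```

The last-write time is only a proxy for the last VDI logon, so review the CSV against the Horizon event data from the second suggestion before purging anything.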
