Saving space by finding Obsolete Home Directories
A common problem we come across when we visit customers, is that their file servers gradually fill up, no matter what they do. They ask (or demand from) their end users to regularly clean up their public folders, home directories and profiles. They scan their file systems for avi and mp3 files, but there’s no escaping it. Free space runs out.
Part of the problem is that over time file sizes increase (I think I read somewhere that word docs double in size every four years or so. And now we have a thingie called HD movie rips). Another problem is that home and profile directories are not always deleted when an employee leaves the organization.
There are perfectly understandable reasons for this. I think it’s safe to say that most admins hate this particular job, if only because deleting home directories is not without risk. Are you sure you can delete that home directory? Are you really really sure? Shouldn’t we move it to some, uh, backup place first?
And how can you be sure? Well, there are some criteria that can tell you with a fair amount of certainty whether or not a home (or profile) directory can be deleted.
5 Criteria for identifying obsolete directories
1. Does the folder name exist as a username? Most home and profile directories are named after the end user’s username.
2. If the folder name exists as a username, is this user object disabled or expired?
3. Does the folder name exist as a username in the ACL list? In most cases, the end user has been granted explicit access to his or her home directory.
4. Have any other users or groups been granted explicit access to this folder? Even if the original end user’s object no longer exists, others might still be using the home directory.
5. Finally, when was the last time the folder was written to? This value is only updated when a file or directory in the folder has changed.
So, if there is no corresponding username, or that username is disabled or expired, or that username does not exist in the folder’s ACL list, nor does any other user or group, and the folder hasn’t been written to for three months — then, I can tell you, that folder is no longer used by anyone.
With ADUC AdminPlus you can scan your file systems for obsolete home and profile directories, with the criteria above (and a couple of others). The space saved on deletion is also listed.
When we run this function on the file servers of our customers we can free up, on average (it depends a lot on the ethos of that one admin) about 10% of disk space. In an organization with, say 3000 employees, which all have, say, 10 gig of disk space at their disposal, that amounts to a lot of disk space. More importantly, this data does not need to be backed up every night (and backing up data is usually more expensive than the disk space itself).
- ACTIVE DIRECTORY TASK DELEGATION TO END USERS
Today I’m going to talk a little more on Active...
- Domain Local, Global And Universal Groups
We’ve had quite a few questions about the difference...
- Access Token Overview
Today I want to talk a little about access tokens,...
- Remove a member from a number of groups in a single action
This is often the way things go: one of our developers...
- How to delegate Active Directory tasks for IT defense safely?
DYNAMIC INTERFACING or ANOTHER WAY OF TASK DELEGATION...