PowerShell Script to Search Netlogon for a Specific List of Script files to Replace or Alter Drive Mappings

Updates/Edits:

10/12/2015: I’ve updated the script to allow multiple, simultaneous changes for a list of bat files, and there is no longer any need to manually add “.bat” to the samAccount names in the user list.

Prologue

Yes, it’s me again, Ace Fekay.

You’ve *probably* already read my recent blog:

PowerShell Script to Search Netlogon logon scripts and Replace Drive Mappings – 9/10/2015
https://blogs.msmvps.com/acefekay/2015/09/10/script-to-search-netlogon-logon-scripts-and-replace-drive-mappings/

That blog is about searching all script files that end with *.bat and making changes to those files.

This time we’re going to run something similar, but for a strict list of specific files (user logon scripts) for a list of users. This came about when a request came in to remove access for 140 users and remove their drive mappings, and another request came in to alter access in 120 users’ scripts.

Removing a drive mapping is easy. The following shows our normal mapping method in each script:

:: Access has been provided by Ace Fekay on 10/3/2015 with approval in Ticket# 123456
net use t: /del
net use t: \\contoso.com\sharename

And for the ones whose access we are removing, we can keep the net use t: /del line to delete the mapping when the user logs on, but we want to comment out the mapping itself, as such:

::Access Removed per Ace Fekay in Ticket# 123456 – net use x: \\contoso.com\SomeShareName$

And of course, this is based on reading a list of script.bat file names in a text file appropriately called, “SomeShareNameRemoveMappingsUserListBat.txt.”

Have fun!

Script:

– Updated script: 10/11/2015:

# *************************************************************************************
# If this is a migration, first run the robocopy script to copy all data
# Then run the netlogon report script to see how many bat files in netlogon
#    reference OldServerName
# Then run this script to replace any reference to OldServerName in the batch
#    files for each share.
# *************************************************************************************
# Modified by Ace Fekay 10/11/2015
#
# Changes:
#    Input file just needs samAccount names; the .bat suffix is no longer needed
#    Allows changing multiple scripts as long as they have a common name,
#    such as the server name
#    Accommodates users who have different mapped drive letters.
#
# *************************************************************************************

# Prompts for credentials. The result is not stored or passed to any command
# below, so the rest of the script still runs as the current user.
Get-Credential

# Used for testing - $Path = '\\contoso.com\NETLOGON\test-RemoveMapping2'

$Path = '\\contoso.com\NETLOGON'
$WhatAmILookingFor = 'contoso.com'

# This grabs the list of user accounts from the input file.
$SourceListOfUserAccounts = 'C:\PSScripts\Netlogon Search and Replace\UserFileList.txt'

# Example of UserFileList.txt:
# username1
# username2
# username3
# etc

cd $Path
$RemoveMappedDriveFromUserList = (Get-Content $SourceListOfUserAccounts)
$UserCount = 0
$MappingsRemoved = 0

Foreach ($User in $RemoveMappedDriveFromUserList) {

    # Skip blank lines in the input file
    if ([string]::IsNullOrWhiteSpace($User)) { continue }

    # This appends ".bat" to the end of each user name
    $UserScript = $User.Trim() + '.bat'
    $UserCount++

    # Skip users that have no logon script instead of throwing an error
    if (-not (Test-Path -LiteralPath $UserScript)) {
        Write-Warning "$UserScript was not found in $Path"
        continue
    }

    $file = Get-Content $UserScript

    # Only modify files that contain the string $WhatAmILookingFor
    # (-SimpleMatch treats it as literal text rather than a regular expression)
    if ($file | Select-String -SimpleMatch -Pattern $WhatAmILookingFor -Quiet) {

        $MappingsRemoved++

        # (\w) captures whatever drive letter the user has, and $1 writes it back into the comment.
        # Patterns and replacements are single-quoted so PowerShell does not expand $1 or the trailing $.
        $file = $file -replace 'net use (\w): \\\\contoso\.com\\ShareName1', '::Mapped Drive Access Removed by Ace Fekay per Ticket# 123456 - net use $1: \\contoso.com\ShareName1'
        $file = $file -replace 'net use (\w): \\\\contoso\.com\\ShareName2\$', '::Mapped Drive Access Removed by Ace Fekay per Ticket# 123456 - net use $1: \\contoso.com\ShareName2$'
        $file = $file -replace 'net use (\w): \\\\contoso\.com\\ShareName3', '::Mapped Drive Access Removed by Ace Fekay per Ticket# 123456 - net use $1: \\contoso.com\ShareName3'

# *************************************************************************************
# Previous stuff I kept here for future reference but commented out:
#    $file = $file -replace '\\\\OldServerName\\ShareName1\$', '\\contoso.com\ShareName1$'
#    $file = $file -replace '\\\\OldServerName\\ShareName2', '\\contoso.com\ShareName2'
#    $file = $file -replace '\\\\OldServerName\\ShareName3', '\\contoso.com\ShareName3'
#    $file = $file -replace '\\\\OldServerName\\ShareName4', '\\contoso.com\ShareName4'
#    $file = $file -replace '\\\\OldServerName\\ShareName5', '\\contoso.com\ShareName5'
#    $file = $file -replace '\\\\OldServerName\\ShareName6', '\\contoso.com\ShareName6'
#    $file = $file -replace '\\\\OldServerName\\ShareName7', '\\contoso.com\ShareName7'
#    $file = $file -replace '\\\\OldServerName\\ShareName8', '\\contoso.com\ShareName8'
#    $file = $file -replace '\\\\OldServerName\\ShareName9', '\\contoso.com\ShareName9'
# *************************************************************************************

        # Comment out net time statements if they exist
        $file = $file -replace '^net time', 'REM net time'

        # Write out the changes
        Set-Content -Value $file -Path $UserScript
        Write-Host $UserScript "was changed to" $file
    }
}

Write-Host "Total users:" $UserCount
Write-Host "Total Mappings removed:" $MappingsRemoved
# *************************************************************************************
# *************************************************************************************
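Because the script above overwrites files in NETLOGON as soon as it runs, a read-only preview of what would change is useful first. The following is an added example, not part of the original post: the function name Get-LogonScriptChangePreview, the rule table and the sample .bat files in a temp folder are all constructed for illustration.

```powershell
# Added example (not from the original post): list the lines that WOULD change, without writing.
# Get-LogonScriptChangePreview is a hypothetical helper name.
function Get-LogonScriptChangePreview {
    param(
        [Parameter(Mandatory)] [string]   $Path,   # folder holding the .bat files
        [Parameter(Mandatory)] [string[]] $User,   # samAccount names, no .bat suffix
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Rule   # regex -> replacement
    )
    foreach ($name in $User) {
        if ([string]::IsNullOrWhiteSpace($name)) { continue }   # skip blank lines in the list
        $script = Join-Path $Path ($name.Trim() + '.bat')
        if (-not (Test-Path -LiteralPath $script)) {
            # Report users with no logon script instead of failing
            [pscustomobject]@{ File = $script; Line = 0; Before = $null; After = '<script not found>' }
            continue
        }
        $lineNo = 0
        foreach ($line in (Get-Content -LiteralPath $script)) {
            $lineNo++
            $new = $line
            foreach ($pattern in $Rule.Keys) { $new = $new -replace $pattern, $Rule[$pattern] }
            if ($new -cne $line) {
                [pscustomobject]@{ File = $script; Line = $lineNo; Before = $line; After = $new }
            }
        }
    }
}

# Constructed sample data in a temp folder, so nothing touches the real share.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'netlogon-preview-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'username1.bat') -Value @(
    'net use t: /del'
    'net use t: \\contoso.com\ShareName1'
    'net time \\contoso.com /set /y'
)
Set-Content -Path (Join-Path $demo 'username2.bat') -Value 'net use h: \\contoso.com\Home$'

# \b stops ShareName1 from also matching ShareName10; $1 keeps the user's drive letter.
$rules = [ordered]@{
    '^net use (\w): \\\\contoso\.com\\ShareName1\b' =
        '::Mapped Drive Access Removed per Ticket# 123456 - net use $1: \\contoso.com\ShareName1'
    '^net time' = 'REM net time'
}

# username3 has no script in the sample folder, so it is reported as not found.
Get-LogonScriptChangePreview -Path $demo -User 'username1', 'username2', 'username3' -Rule $rules |
    Format-Table -AutoSize -Wrap
```

Piping the same output to Export-Csv instead of Format-Table gives a record of the intended changes to attach to the ticket before anything is written.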

– Old script prior to 10/10/2015:

# *************************************************************************************
# If this is for post-migration, first run the robocopy script to copy all data
# Then run the netlogon search report script to see how many script.bat files in netlogon reference SomeShareName
# Then run this to replace any reference to SomeShareName with TheNewShareName or even just to disable the share or shares.
# Highly modified by Ace Fekay 10/3/2015
# *************************************************************************************

# Prompts for credentials. The result is not stored or passed to any command
# below, so the rest of the script still runs as the current user.
Get-Credential

$Path = '\\contoso.com\NETLOGON'

# Change to $Path so the script file names in the list resolve against it.
cd $Path

# Each line of this input file is a script file name, such as username1.bat
$RemoveMappedDriveFromUserList = (Get-Content 'C:\PSScripts\Netlogon Search and Replace\SomeShareNameRemoveMappingsUserListBat.txt')

$UserCount = 0
$MappingsRemoved = 0

Foreach ($User in $RemoveMappedDriveFromUserList) {
    $UserCount++

    # Read the contents of this user's script file
    $file = Get-Content $User

    # Only modify files that contain the string "SomeShareName"
    if ($file | Select-String -SimpleMatch -Pattern 'SomeShareName' -Quiet) {

        $MappingsRemoved++

        # Note that the following is doing a number of things, such as commenting out mappings that they are no longer permitted to use,
        # providing comments, changing or updating sharenames, etc.
        # In the patterns, \$ matches a literal $ at the end of a hidden share name; a bare $ would mean "end of line".
        $file = $file -replace 'net use g: \\\\contoso\.com\\SomeShareName\$', '::Access Removed per Ace Fekay in Ticket# 123456 - net use g: \\contoso.com\SomeShareName$'
        $file = $file -replace 'net use x: \\\\contoso\.com\\SomeShareName\$', '::Access Removed per Ace Fekay in Ticket# 123456 - net use x: \\contoso.com\SomeShareName$'
        $file = $file -replace 'net use z: \\\\contoso\.com\\SomeOldShareName\$', 'net use z: \\contoso.com\SomeNewShareName$'
        $file = $file -replace '\\\\OldServerName\\ShareName1\$', '\\contoso.com\ShareName1$'
        $file = $file -replace '\\\\OldServerName\\ShareName2\$', '\\contoso.com\ShareName2$'
        $file = $file -replace '\\\\OldServerName\\ShareName3\$', '\\contoso.com\ShareName3$'
        $file = $file -replace '\\\\OldServerName\\ShareName4\$', '\\contoso.com\ShareName4$'
        $file = $file -replace '\\\\OldServerName\\ShareName5\$', '\\contoso.com\ShareName5$'

        # Comment out net time statements
        $file = $file -replace '^net time', 'REM net time'

        # Write out the changes
        Set-Content -Value $file -Path $User
    }
}

Write-Host "Total users:" $UserCount
Write-Host "Total Mappings removed:" $MappingsRemoved
# *************************************************************************************

 

More to come…

Comments are welcomed.

==================================================================

Summary

I hope this helps!

Published 10/3/2015

Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP – Directory Services

Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

This posting is provided AS-IS with no warranties or guarantees and confers no rights.

Script to Search Netlogon logon scripts and Replace Drive Mappings

Prologue

Ace Fekay here again!

Once again, as many of you know, I’m an avid Active Directory and Exchange server engineer/architect, and an MVP in Active Directory. And why am I posting simple stuff, you ask? Well, because we need to use this stuff day to day, that’s why.

Yea, this may be simple, but you’d be surprised who may struggle with it, like I did. I had to get help from a colleague who put the bulk of this together. I first had an idea with my beginner’s mentality to do it a little differently, but when I saw what he suggested, I said, hmm, I still have lots to learn.

I hope this, and my future scripts, especially with Office 365, help you out.

Scope

After migrating shares from one server to another server using a Robocopy script (that I’ll post later), we needed to change the drive mappings in the logon scripts in the Netlogon share.

Keep in mind, we already have a robust DFS in place. The new sharename has targets to the old server. However, we needed to change any logon scripts still referencing the old server by either NetBIOS or by FQDN (OldServer.domain.com). Well, with 28,000 scripts, that’s something we’re not going to do manually.

This script replaces any mappings using the old server name, “OldServer”, such as either \\oldserver\sharename or \\oldserver.contoso.com\sharename, with the new DFS name, \\contoso.com\NewShareName.

Code

This works fine. Watch the word-wrap in the blog.

# First run the robocopy script to copy all data
# Then run the netlogon report script to see how many bat files in netlogon reference OldServer
# Then run this script to replace any reference to "OldServer" with the new DFS sharename in the batch files for each share.
# By Ace Fekay and a colleague, who put the bulk of this together.
# I added counters and a report to the screen.

# If you need to run it as a different user, un-remark the following
# get-credential

$Path = '\\contoso.com\NETLOGON\'
$FilesAltered = 0
$FilesProcessed = 0

# Change to $Path, then process every file there that ends in ".bat".
cd $Path

Get-ChildItem -Filter '*.bat' | ForEach-Object {
    $file = Get-Content $_.FullName

    # Only modify files that contain the string "OldServer"
    if ($file | Select-String -SimpleMatch -Pattern 'OldServer' -Quiet) {

        # The first string is a regular expression, so backslashes and dots are escaped.
        # The second string is literal replacement text, so backslashes are written as-is.
        $file = $file -replace '\\\\OldServer\\Users', '\\contoso.com\OldServer-Users'
        $file = $file -replace '\\\\OldServer\.contoso\.com\\users', '\\contoso.com\OldServer-Users'
        $file = $file -replace '\\\\OldServer\\Department', '\\contoso.com\OldServer-Department'
        $file = $file -replace '\\\\OldServer\.contoso\.com\\Department', '\\contoso.com\OldServer-Department'
        $file = $file -replace '\\\\OldServer\\GDrive', '\\contoso.com\OldServer-GDrive'
        $file = $file -replace '\\\\OldServer\\FDrive', '\\contoso.com\OldServer-FDrive'
        $file = $file -replace '\\\\OldServer\\HDrive', '\\contoso.com\OldServer-HDrive'
        $file = $file -replace '\\\\OldServer\\Share2\$', '\\contoso.com\OldServer-Share2$'

        # Comment out any net time statements, if they exist
        $file = $file -replace '^net time', 'REM net time'

        # Write out the changes
        Set-Content -Value $file -Path $_.FullName
        Write-Host $_.Name
        Write-Host $file
        Write-Host ""
        $FilesAltered++
    }
    $FilesProcessed++
}
Write-Host $FilesAltered "altered out of a total of" $FilesProcessed "files processed."
 

Comments are welcomed.

==================================================================

Summary

I hope this helps!

Published 9/9/2015

Ace Fekay