Hi, I’m Manish Duggal, software engineer at Microsoft. Work Folders enables users to securely access their files on a Windows Server from Windows, iOS and Android devices. Enterprise IT admins often want to understand Work Folders usage, categorized by active users and type of devices syncing to Work Folders servers.
Overview
In this example, I created three sync shares, for the Finance, HR and Engineering departments. Each sync share is assigned with a unique security group: FinanceSG, HRSG and EngineeringSG.
The scripts below enumerates the users associated with each sync share, and outputs the user sync status to a CSV file, so that you can build charts like:
- The device types used for Work Folders.
- Work Folders devices owned per user.
The script uses cmdlets from following PowerShell modules:
- Work Folders module (SyncShare)
- Get-SyncShare cmdlet
- Get-SyncUserStatus cmdlet
- Active Directory module (ActiveDirectory)
- Get-ADGroupMember cmdlet
The general flow is:
- Enumerate all the sync shares on the Work Folders server
- Enumerate the users in the security groups which associate with each sync share
- Output user sync status to a CSV file
Helper Functions
Three helper functions in the PowerShell script, plus an array declared for user objects:
# get domain name from domain\group (or domain\user) format
function GetDomainName([string] $GroupUserName)
{
$pos = $GroupUserName.IndexOf("\");
if($pos -ge 0)
{
$DomainName = $GroupUserName.Substring(0,$pos);
}
return $DomainName;
}
# get group (or user) only detail from domain\group format
function GetGroupUserName([string] $GroupUserName)
{
$pos = $GroupUserName.IndexOf("\");
if($pos -ge 0)
{
$GroupUserName = $GroupUserName.Substring($pos+1);
}
return $GroupUserName;
}
# Object with User name, Sync share name and Device details
function SetUserDetail([string] $userName, [string] $syncShareName, [string] $deviceName, [string] $deviceOs)
{
#set the object for collection purpose
$userObj = New-Object psobject
Add-Member -InputObject $userObj -MemberType NoteProperty -Name UserName -Value ""
Add-Member -InputObject $userObj -MemberType NoteProperty -Name SyncShareName -Value ""
Add-Member -InputObject $userObj -MemberType NoteProperty -Name DeviceName -Value ""
Add-Member -InputObject $userObj -MemberType NoteProperty -Name DeviceOs -Value ""
$userObj.UserName = $userName
$userObj.SyncShareName = $syncShareName
$userObj.DeviceName = $deviceName
$userObj.DeviceOs = $deviceOs
return $userObj
}
#collection $userCollection=@()
Enumerate the Sync shares on a Work Folders server
To enumerate the available sync shares, run the Get-SyncShare cmdlet:
$syncShares = Get-SyncShare
The $syncShares variable is collection of Sync share objects, like Finance, HR and Engineering
Getting the users for each sync share
To find the users associated with each sync share, first retrieve the security groups associated with the sync share and then get all users in each of the security group:
foreach ($syncShare in $syncShares)
{
$syncShareSGs = $syncShare.User;
foreach ($syncShareSG in $syncShareSGs)
{
$domainName = GetDomainName $syncShareSG
$sgName = GetGroupUserName $syncShareSG
$sgUsers = Get-ADGroupMember -identity $sgName | select SamAccountName
//find Work Folders devices syncing for each user as per logic in next section
}
}
With every iteration, $syncShareSGs detail is value of department’s security group name. For the Finance department, it is FinanceSG. $sgUsers detail is list of SamAccountName for the members of department’s security group.
Enumerate the devices synced with the Work Folders server
To find out user devices syncing with Work Folders server, run Get-SyncUserStatus cmdlet for each user and add the needed details into user object array:
foreach ($sgUser in $sgUsers)
{
#get user detail in domain\user format
$domainUser = [System.String]::Join("\",$domainName,$sgUser.SamAccountName);
#invoke the Get-SyncUserStatus
$syncUserStatusList = Get-SyncUserStatus -User $domainUser -SyncShare $syncShareName
#user may have more than one device
foreach ($syncUserStatus in $syncUserStatusList)
{
#set the user detail and add to list
$resultObj = SetUserDetail $domainUser $syncShareName $syncUserStatus.DeviceName $syncUserStatus.DeviceOs
#add to the user collection
$userCollection += $resultObj
}
}
With every iteration, $syncUserStatusList detail is collection of devices owned by a user. $syncUserStatus is the detail for one device from user’s device collection. This detail is added to the array of user objects.
Export the user and device details to CSV
$userCollection | Export-Csv -Path Report.csv -Force
$userCollection comprises of list of all users associated with Finance, HR and Engineering sync shares and devices syncing with Work Folders server. That collection helps generate a simple CSV report. Here is a sample report generated for the above sync shares
| UserName | SyncShareName | DeviceName | DeviceOs |
| Contoso\EnggUser1 | Engineering | User1-Desktop | Windows 6.3 |
| Contoso\EnggUser1 | Engineering | User1Phone | iOS 8.3 |
| Contoso\EnggUser1 | Engineering | User1-Laptop | Windows 10.0 |
| Contoso\FinanceUser1 | Finance | Finance-Main1 | Windows 10.0 |
| Contoso\FinanceUser1 | Finance | Finance-Branch | Windows 6.3 |
| Contoso\HRUser2 | HR | HR-US | Windows 10.0 |
| Contoso\HRUser2 | HR | iPad-Mini1 | iOS 8.0 |
Summary
You just learned how easy it is build simple tabular report for understanding the Work Folders usage trend in an enterprise. This data could be leveraged further to build interesting graphs such as active usage in enterprise and/or per department sync share as well as weekly and monthly trends for Work Folders adoption in enterprise, thx to available graph generation support in Microsoft Excel.