In Windows, you sometimes need to find all files owned by a specific user. Recursively on your Windows Server NTFS file system. PowerShell has some nice cmdlets and features to automate this task for you. Here you'll find example PowerShell scripts to find and list files owned by a specific user...
Find files owned by a user with PowerShell
PowerShell 5.0
Here is the example PowerShell script to list files owned by a user, in Windows Server and recursively. Later on we'll dive in to see what this PowerShell snippet does.
# # Find all files from one owner in Windows using PowerShell. # [String]$username = "[username]"[String]$outfile = "[output_file_path]"$path = Get-ChildItem "." -RecurseForeach( $file in $path ) { $f = Get-Acl $file.FullName if( $f.Owner -eq $username ) { Write-Host( "{0}"-f $file.FullName | Out-File ` -Encoding "UTF8" ` -FilePath $outfile -Append) }}
Don't forget to fill out the variables [username]
and [output_file_path]
. Results are logged to a file.
Some reformatting was done in this code snippet.
PowerShell Cmdlets
Cmdlets are the heart-and-soul of Windows PowerShell. A cmdlet is a lightweight command that is used in the Windows PowerShell environment. The Windows PowerShell runtime invokes these cmdlets within the context of automation scripts that are provided at the command line. The Windows PowerShell runtime also invokes them programmatically through Windows PowerShell APIs.
Find files owned by a user - script explanation
What the above PowerShell script -to find all files owned by a particular user- does is pretty straightforward. First we define a $username
to search for, which can be either an AD user or local user. And we define a path for our results logfile with $outfile
. Both are of the type String.
The Cmdlet Get-ChildItem
is used to get the items and child items (folders and files) in a specified location. The specified location is the current directory: "."
. Since we want to find all files, we recurse into subdirectories using the -Recurse
parameter.
The result - all files - is stored into the $path
variable, through which we loop with Foreach
.
Within our PowerShell Foreach
loop, the Get-Acl
Cmdlet is used to retrieve the ACL's, or Access Control Lists, of that file or directory. E.g, the "permissions". We only want the files owned by the specified user, for which we use the Owner
property. The file (or folder) path itself is stored in .FullName
.
When we've found a match (if ( $f.Owner -eq $username )
), the result is written to our logfile with Write-Host
and a piped Out-File
.
Windows SID to username and vice versa
Get-ChildItem memory usage
Yes, this example PowerShell script can use a lot of memory when run on a directory with millions of files. Use with care.
PowerShell Cmdlets Recursiveness: Why use Get-ChildItem?
You might wonder why we first use Get-ChildItem to dive into a file system before using Get-Acl? Simple: on the "Hey, Scripting Guy" blog we can read that Get-Acl doesn't accept a sort of -Recurse
parameter, that would enable you to retrieve the owners of all the files located in any subfolder. The Get-ChildItem cmdlet does accept the -Recurse
parameter.
PowerShell Cmdlets used
Here are all PowerShell Cmdlets used in this script:
Pretty simple right? :)
Get-ChildItem and Get-Acl one-liner
The above can also be accomplished in a one-liner:
Get-ChildItem "." -force -Recurse ` -ErrorAction 'SilentlyContinue' | ` Get-Acl | Where-Object{ ` $_.Owner -eq "[username]" ` } | Format-List -Property PsPath
Here, -erroraction 'silentlycontinue'
is used to suppress PowerShell errors from being printed. Some formatting was done in this code snippet.
cmd.exe list owner of directory or file in Windows
In a cmd.exe
command-line shell, you can use dir /Q
to display the file owner. Combine this with /S
to display files in the specified directory and subdirectories (e.g recursive), and/or /AD
to only list directories.