Building Work Folders Sync Reports

Hi, I’m Manish Duggal, software engineer at Microsoft. Work Folders enables users to securely access their files on a Windows Server from Windows, iOS and Android devices. Enterprise IT admins often want to understand Work Folders usage, categorized by active users and type of devices syncing to Work Folders servers.

Overview

In this example, I created three sync shares, for the Finance, HR and Engineering departments. Each sync share is assigned with a unique security group: FinanceSG, HRSG and EngineeringSG.

The scripts below enumerates the users associated with each sync share, and outputs the user sync status to a CSV file, so that you can build charts like:

  1. The device types used for Work Folders.
  2. Work Folders devices owned per user.

The script uses cmdlets from following PowerShell modules:

  1. Work Folders module (SyncShare)
    1. Get-SyncShare cmdlet
    2. Get-SyncUserStatus cmdlet
  2. Active Directory module (ActiveDirectory)
    1. Get-ADGroupMember cmdlet

The general flow is:

  1. Enumerate all the sync shares on the Work Folders server
  2. Enumerate the users in the security groups which associate with each sync share
  3. Output user sync status to a CSV file

Helper Functions

Three helper functions in the PowerShell script, plus an array declared for user objects:

# get domain name from domain\group (or domain\user) format
function GetDomainName([string] $GroupUserName)
{
    $pos = $GroupUserName.IndexOf("\");
    if($pos -ge 0)
    {
        $DomainName = $GroupUserName.Substring(0,$pos);
    }
    return $DomainName;
}
# get group (or user) only detail from domain\group format
function GetGroupUserName([string] $GroupUserName)
{
    $pos = $GroupUserName.IndexOf("\");
    if($pos -ge 0)
    {
        $GroupUserName = $GroupUserName.Substring($pos+1);
    }
    return $GroupUserName;
}
# Object with User name, Sync share name and Device details
function SetUserDetail([string] $userName, [string] $syncShareName, [string] $deviceName, [string] $deviceOs)
{
    #set the object for collection purpose
    $userObj = New-Object psobject
    Add-Member -InputObject $userObj -MemberType NoteProperty -Name UserName -Value ""
    Add-Member -InputObject $userObj -MemberType NoteProperty -Name SyncShareName -Value ""
    Add-Member -InputObject $userObj -MemberType NoteProperty -Name DeviceName -Value ""
    Add-Member -InputObject $userObj -MemberType NoteProperty -Name DeviceOs -Value ""
    $userObj.UserName = $userName
    $userObj.SyncShareName = $syncShareName
    $userObj.DeviceName = $deviceName
    $userObj.DeviceOs = $deviceOs
    return $userObj
}
#collection
$userCollection=@()

Enumerate the Sync shares on a Work Folders server

To enumerate the available sync shares, run the Get-SyncShare cmdlet:

$syncShares = Get-SyncShare

The $syncShares variable is collection of Sync share objects, like Finance, HR and Engineering

Getting the users for each sync share

To find the users associated with each sync share, first retrieve the security groups associated with the sync share and then get all users in each of the security group:

foreach ($syncShare in $syncShares)
{
    $syncShareSGs = $syncShare.User;
    foreach ($syncShareSG in $syncShareSGs)
    {           
     $domainName = GetDomainName $syncShareSG
     $sgName = GetGroupUserName $syncShareSG 
     $sgUsers = Get-ADGroupMember -identity $sgName | select SamAccountName
  //find Work Folders devices syncing for each user as per logic in next section
    }
 }

With every iteration, $syncShareSGs detail is value of department’s security group name. For the Finance department, it is FinanceSG. $sgUsers detail is list of SamAccountName for the members of department’s security group.

Enumerate the devices synced with the Work Folders server

To find out user devices syncing with Work Folders server, run Get-SyncUserStatus cmdlet for each user and add the needed details into user object array:

foreach ($sgUser in $sgUsers)
{
#get user detail in domain\user format
$domainUser = [System.String]::Join("\",$domainName,$sgUser.SamAccountName);
#invoke the Get-SyncUserStatus
       $syncUserStatusList = Get-SyncUserStatus -User $domainUser -SyncShare $syncShareName
#user may have more than one device
       foreach ($syncUserStatus in $syncUserStatusList)
       {
        #set the user detail and add to list
        $resultObj = SetUserDetail $domainUser $syncShareName $syncUserStatus.DeviceName $syncUserStatus.DeviceOs
        #add to the user collection
        $userCollection += $resultObj
       }
 }

With every iteration, $syncUserStatusList detail is collection of devices owned by a user. $syncUserStatus is the detail for one device from user’s device collection. This detail is added to the array of user objects.

Export the user and device details to CSV

$userCollection | Export-Csv -Path Report.csv -Force

$userCollection comprises of list of all users associated with Finance, HR and Engineering sync shares and devices syncing with Work Folders server. That collection helps generate a simple CSV report. Here is a sample report generated for the above sync shares

UserName SyncShareName DeviceName DeviceOs
Contoso\EnggUser1 Engineering User1-Desktop Windows 6.3
Contoso\EnggUser1 Engineering User1Phone iOS 8.3
Contoso\EnggUser1 Engineering User1-Laptop Windows 10.0
Contoso\FinanceUser1 Finance Finance-Main1 Windows 10.0
Contoso\FinanceUser1 Finance Finance-Branch Windows 6.3
Contoso\HRUser2 HR HR-US Windows 10.0
Contoso\HRUser2 HR iPad-Mini1 iOS 8.0

Summary

You just learned how easy it is build simple tabular report for understanding the Work Folders usage trend in an enterprise. This data could be leveraged further to build interesting graphs such as active usage in enterprise and/or per department sync share as well as weekly and monthly trends for Work Folders adoption in enterprise, thx to available graph generation support in Microsoft Excel.