Hello
Im creating a script to create home directories for users and set permissions on them.
My script does create the folders but does not set the actual permissions on the users folder.
Here's my code.
$User = Get-ADUser -filter * -SearchBase "OU=DomainUsers,DC=Terry,DC=Local" | Select Name,SamAccountName,SID
ForEach ($x in $User.SamAccountName) {
#param([Parameter(Mandatory=$true)][String]$samAccountName)
$fullPath = "\\terry-server01\Userhome\$x"
$driveLetter = "W:"
Set-ADUser $x -HomeDrive $driveLetter -HomeDirectory $fullPath -ea Stop
$homeShare = New-Item -path $fullPath -ItemType Directory -force -ea Stop
$acl = Get-Acl $homeShare
$FileSystemRights = [System.Security.AccessControl.FileSystemRights]"Modify"
$AccessControlType = [System.Security.AccessControl.AccessControlType]::Allow
$InheritanceFlags = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$PropagationFlags = [System.Security.AccessControl.PropagationFlags]"InheritOnly"
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule ($x, $FileSystemRights, $InheritanceFlags, $PropagationFlags, $AccessControlType)
$acl.AddAccessRule($AccessRule)
Set-Acl -Path $homeShare -AclObject $acl -ea Stop
Write-Host ("HomeDirectory created at {0}" -f $fullPath)
}
When viewing the permissions on each folder (client01 - client12), Client01 etc shows up in the list of Security users, but has no permissions applied. Also Terry\Users has read&Execute, list and Read for permissions; and because this is
a Home folder, only the specific user should have permissions (Modify).
I don't get any errors when running the script, the folders get created in the right place (client01, client02 etc).
What am I doing incorrectly or not doing?
Thank You
Terry
