PowerShell creating Home Directory folder

  • Question

  • Good morning,

    I am using a script to create AD users from a .csv exported of another program that contains these users. One of the steps in this script is creating the Home Drive and the Home Directory. This is working properly except for one thing. We use the following to create the Home Directory:

    Import-Csv -Path \\path\Afas02.csv |
    Select-Object *,@{Name='HomeDirectory';Expression={"\\company.domain\dfs\User\$($_.SamAccountName)"}} |
    Export-Csv -Path \\path\Afas01.csv -NoTypeInformation
    Remove-Item \\path\Afas02.csv
    Import-Csv \\path\Afas01.csv | New-ADUser

    When we go to AD and look at the created user's properties, the Home Drive and Home Directory are set to the user's SamAccountName, but it does not create the corresponding folder on \\company.domain\dfs\User\$($_.SamAccountName)

    It does, however, create the folder if we re-enter the Home Directory manually and press "OK" to save; this is the part that's confusing me. I googled about the home directory with PowerShell, but all I found were very long scripts that don't make much sense to me, as my knowledge of PowerShell is very thin. I would think that it can't be that we have to manually make the folder with a super long script to set all security settings/etc. if it automatically creates it upon entering manually and clicking OK; I should be able to do the same thing with a simple line of script. Any help will be appreciated.

    Thanks,

    Monday, April 4, 2016 8:18 AM

Answers

  • The point is that if you enter a folder path for home directory in ADUC, the MMC creates the folder for you and assigns permissions. But if you assign the folder path to the homeDirectory attribute of the user in a script, this does not create the folder or assign the proper permissions for the user. Separate script steps are required for that. The New-Item cmdlet can be used to actually create the home folder. The Set-Acl cmdlet can be used to assign permissions. You can use the code in this Gallery script as an example:

    https://gallery.technet.microsoft.com/PowerShell-script-to-832e08ed


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Monday, April 4, 2016 10:23 AM
    Moderator

All replies

  • Hi Matthew,

    well yes, creating folders is fairly simple. Let's take apart your script:

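    # Read the CSV once and add the HomeDirectory property to each row
    $Users = Import-Csv -Path \\path\Afas02.csv |
    Select-Object *,@{Name='HomeDirectory';Expression={"\\company.domain\dfs\User\$($_.SamAccountName)"}}
    # Create the accounts (this only sets the homeDirectory attribute)
    $Users | New-ADUser
    # Create the folder itself for each user
    $Users | ForEach-Object { New-Item -Path $_.HomeDirectory -ItemType 'Directory' } | Out-Null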


    Where complexity rears its head is that usually you need to assign ownership permissions properly. Furthermore, you need to set permissions, possibly disable inheritance. All those things are a little more complex and that button in the AD console contains a lot more logic behind it than might be apparent.

    Basically, in addition to these steps so far, you'd need to...

    • Disable Inheritance
    • Set Permissions
    • Set Ownership

    Assuming you have some fictional functions that do this for you (which I'd assume make up most of the complexity in the scripts you found), it could be simplified to this:

    $Users = Import-Csv -Path \\path\Afas02.csv |
    Select-Object *,@{Name='HomeDirectory';Expression={"\\company.domain\dfs\User\$($_.SamAccountName)"}}
    $Users | New-ADUser
    $Users | %{ New-Item $_.HomeDirectory -ItemType 'Directory' } | Disable-AclInheritance -PassThru | Set-HomeOwnership -PassThru | Set-HomePermissions
    

    Please note that Disable-AclInheritance, Set-HomeOwnership and Set-HomePermissions are all fictional. Running this will cause an error.

    Cheers,
    Fred


    There's no place like 127.0.0.1

    Monday, April 4, 2016 8:46 AM
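
Added example, not part of any reply in this thread: one way to carry out the three steps listed above (disable inheritance, set permissions, set ownership) with New-Item and Set-Acl. New-UserHomeFolder is a hypothetical helper name; the CSV and share paths are the ones from the question, and the script assumes the ActiveDirectory module and an account that is an administrator on the file server.

```powershell
# Added example, not from the thread. New-UserHomeFolder is a hypothetical helper.
# Assumes the ActiveDirectory module and an account that is an administrator on the file server.
Import-Module ActiveDirectory

function New-UserHomeFolder {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][System.Security.Principal.SecurityIdentifier]$UserSid
    )
    $folder = New-Item -Path $Path -ItemType Directory -ErrorAction Stop

    $admins = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'  # BUILTIN\Administrators
    $system = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'      # NT AUTHORITY\SYSTEM
    $grants = @(
        @{ Sid = $admins;  Rights = 'FullControl' },
        @{ Sid = $system;  Rights = 'FullControl' },
        @{ Sid = $UserSid; Rights = 'Modify' }       # Modify: the user cannot rewrite the ACL
    )

    # Build the descriptor from scratch so no entry from the parent share is carried over.
    $acl = New-Object System.Security.AccessControl.DirectorySecurity
    $acl.SetAccessRuleProtection($true, $false)      # 1. disable inheritance, drop inherited ACEs
    foreach ($g in $grants) {                        # 2. set permissions
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
            $g.Sid,
            [System.Security.AccessControl.FileSystemRights]$g.Rights,
            [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
            [System.Security.AccessControl.PropagationFlags]::None,
            [System.Security.AccessControl.AccessControlType]::Allow)
        $acl.AddAccessRule($rule)
    }
    $acl.SetOwner($admins)                           # 3. set ownership (an owner can always change the ACL)
    Set-Acl -LiteralPath $folder.FullName -AclObject $acl
    return $folder
}

Import-Csv -Path \\path\Afas02.csv | ForEach-Object {
    $homeDir = "\\company.domain\dfs\User\$($_.SamAccountName)"
    # -PassThru returns the new account; its SID is used directly, so no name lookup is needed.
    $user = $_ | New-ADUser -HomeDirectory $homeDir -PassThru
    New-UserHomeFolder -Path $homeDir -UserSid $user.SID | Out-Null
}
```
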
  • But if you assign the folder path to the homeDirectory attribute of the user in a script, this does not create the folder or assign the proper permissions for the user.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    I'm weirded out by the fact that if I manually enter the home directory and apply by pressing 'OK' it creates the folder with proper permissions automatically (not using a 3rd party program/script for that) and if I let the home directory get filled in by a script and run it, which to me is basically the same as manually entering it and pressing OK, it does not do this..
    Monday, April 4, 2016 11:52 AM
  • This is where learning basic Windows and AD can help you to understand why you can make this mistake. It is a common mistake with those new to Windows technology.


    \_(ツ)_/

    Monday, April 4, 2016 1:11 PM
  • I'm weirded out by the fact that if I manually enter the home directory and apply by pressing 'OK' it creates the folder with proper permissions automatically (not using a 3rd party program/script for that) and if I let the home directory get filled in by a script and run it, which to me is basically the same as manually entering it and pressing OK, it does not do this..

    Why?

    Button clicks can do multiple things whereas scripts only do what you tell them to.


    Monday, April 4, 2016 2:01 PM
  • I'm weirded out by the fact that if I manually enter the home directory and apply by pressing 'OK' it creates the folder with proper permissions automatically (not using a 3rd party program/script for that) and if I let the home directory get filled in by a script and run it, which to me is basically the same as manually entering it and pressing OK, it does not do this..

    Why?

    Button clicks can do multiple things whereas scripts only do what you tell them to.



    I'd think that there is a function tied to the button which gets activated upon pressing it and that you can use that function in powershell to also let the script ''press'' the OK button, making the same actions as the system would upon you pressing OK manually.
    Monday, April 4, 2016 2:12 PM
  • I'd think that there is a function tied to the button which gets activated upon pressing it and that you can use that function in powershell to also let the script ''press'' the OK button, making the same actions as the system would upon you pressing OK manually.

    Maybe. I have no idea how ADUC works under the covers.

    I don't see the problem with just doing the necessary steps in a script though.


    Monday, April 4, 2016 2:15 PM
  • I'm weirded out by the fact that if I manually enter the home directory and apply by pressing 'OK' it creates the folder with proper permissions automatically (not using a 3rd party program/script for that) and if I let the home directory get filled in by a script and run it, which to me is basically the same as manually entering it and pressing OK, it does not do this..

    Why?

    Button clicks can do multiple things whereas scripts only do what you tell them to.



    I'd think that there is a function tied to the button which gets activated upon pressing it and that you can use that function in powershell to also let the script ''press'' the OK button, making the same actions as the system would upon you pressing OK manually.

    Nope.  This has been a claim for years.  With VBScript, Batch and now with PowerShell.  This is a claim made due to lack of knowledge and training in Windows and in computer/software engineering.

    When we programmers build tools we write custom code. It is not necessarily made available. .NET has no methods like this. The ADUC code was written before dotNet was written. I know all of the published AD APIs. It is not part of those APIs.

    Look in the Gallery and find many examples of how to automate this in script.

    In modern AD we would actually use Group Policy for this.  We would redirect the MyDocuments folders to a share and set home drive/folder to this location.  Windows will create the folders and set the permissions on next logon.


    \_(ツ)_/

    Monday, April 4, 2016 2:23 PM
  • I'd think that there is a function tied to the button which gets activated upon pressing it and that you can use that function in powershell to also let the script ''press'' the OK button, making the same actions as the system would upon you pressing OK manually.

    As noted, ADUC does more than set the attribute. There is no guarantee that a feature that exists in a standard GUI is reproducible from the command line. (Unfortunately, wishful thinking does not cause features to spring into existence.)


    -- Bill Stewart [Bill_Stewart]

    Monday, April 4, 2016 2:44 PM
    Moderator