Adding homeDirectory attribute to account created with Powershell

  • Question

  • Hi, when I create new accounts and add the attribute $objUser.Put("homeDirectory", "\\DC01\Home$\$UserName") I can see that it's populated in the account in AD, and it's a mapped drive when the user logs on, but the actual folder on the share does not get created on the share. What do I need to add to the script to add the folder to the share? Or is this not possible?

     

    Thanks

    Thursday, October 6, 2011 11:52 AM

Answers

  • $users = import-csv "C:\script\list3.csv"
    $objADSI = [ADSI]"LDAP://ou=*Users,dc=corp,dc=we"
    $users | foreach {
    
       $UserName = $_.UserName
       $path = "\\DC01\Home$\$UserName"
       
       $objUser = $objADSI.Create("User", "cn=$UserName")
       $objUser.Put("sAMAccountName", $UserName)
       $objUser.Put("userPrincipalName", $UserName + "@corp.we")
       $objUser.Put("homeDirectory", $path)
       $objUser.setInfo()
       $objUser.SetPassword("Password1")
       $objUser.psbase.InvokeSet('AccountDisabled', $false)
       $objUser.setInfo()
       
       if (-not (Test-Path $path)) { 
           $acl = (md $path).GetAccessControl()
           $perm = ($UserName + "@corp.we"),"Modify","ContainerInherit,ObjectInherit","None","Allow"
           $accessRule = new-object System.Security.AccessControl.FileSystemAccessRule $perm
           $acl.SetAccessRule($accessRule)
           $acl | Set-Acl -Path $Path
       }
    
    }
    

    • Proposed as answer by Bigteddy Thursday, October 6, 2011 2:38 PM
    • Marked as answer by Beefstew123 Friday, October 7, 2011 8:05 AM
    Thursday, October 6, 2011 2:33 PM

All replies

  • $path = "\\DC01\Home$\$UserName"
    if (-not (Test-Path "\\DC01\Home$\$UserName")) { md $path }
    

    Thursday, October 6, 2011 11:58 AM
  • yes, this is necessary.

    new-item -path <path to the user home directory> -type directory 
    

    After that you have to configure the NTFS permissions

    set-acl -path <path to the user home directory>

    $acl = get-acl -path <path to the user home directory>
    $permission = "domainName\Username","FullControl","Allow"
    $accessRule = new-object System.Security.AccessControl.FileSystemAccessRule $permission
    $acl.SetAccessRule($accessRule)
    $acl | Set-Acl -path <path to the user home directory>
    
    


    regards Thomas Paetzold visit my blog on: http://sus42.wordpress.com
    Thursday, October 6, 2011 12:04 PM
  • That's great, thanks, but how would I incorporate that into the following script? Would it be a separate script or part of the one below?

     

    $users = import-csv "C:\script\list3.csv"
    $objADSI = [ADSI]"LDAP://ou=*Users,dc=corp,dc=we"
    $users | foreach {

       $UserName = $_.UserName
       $objUser = $objADSI.Create("User", "cn=$UserName")
       $objUser.Put("sAMAccountName", $UserName)
       $objUser.Put("userPrincipalName", $UserName + "@corp.we")
       $objUser.Put("homeDirectory", "\\DC01\Home$\$UserName")
       $objUser.setInfo()
       $objUser.SetPassword("Password1")
       $objUser.psbase.InvokeSet('AccountDisabled', $false)
       $objUser.setInfo()

    }

     

    Many thanks

    Thursday, October 6, 2011 1:15 PM
  • I suggest you use another script, because you can only set the ACLs after the user has been created. Try this:

     

    $users = Import-Csv users.csv
    
    foreach ($userName in $users) {
        $path = "\\DC01\home$\$($UserName.UserName)"
    
        if (-not (Test-Path $path)) { md $path }
    
        $acl = get-acl -path $path
        $permission = "corp\$($userName.UserName)","FullControl","Allow"
        $accessRule = new-object System.Security.AccessControl.FileSystemAccessRule $permission
        $acl.SetAccessRule($accessRule)
        $acl | Set-Acl -path $path
        } # end foreach
    

     


    [string](0..9|%{[char][int](32+("39826578840055658268").substring(($_*2),2))})-replace "\s{1}\b"

    • Edited by Bigteddy Thursday, October 6, 2011 2:09 PM
    Thursday, October 6, 2011 2:06 PM
  • Thanks for that Kazun...

     

    Could you please tell me how I would then set the givenName, sn, and DisplayName attributes? I have these in the csv file but do not know the easiest and most efficient way to incorporate it into the script.

    Cheers

    Friday, October 7, 2011 8:09 AM
  • $users = import-csv "C:\scripts\users.csv"
    $objADSI = [ADSI]"LDAP://ou=*Users,dc=corp,dc=we"
    $users | foreach {
    
       $UserName = $_.UserName
       $DisplayName = $_.DisplayName
       $sn = $_.sn
       $GivenName = $_.GivenName
       $path = "\\DC01\Home$\$UserName"
       
       $objUser = $objADSI.Create("User", "cn=$UserName")
       $objUser.Put("sAMAccountName", $UserName)
       $objUser.Put("userPrincipalName", $UserName + "@corp.we")
       $objUser.Put("DisplayName", $DisplayName)
       $objUser.Put("sn",$sn)
       $objUser.Put("GivenName", $GivenName)
       $objUser.Put("homeDirectory", $path)
       $objUser.setInfo()
       $objUser.SetPassword("Password1")
       $objUser.psbase.InvokeSet('AccountDisabled', $false)
       $objUser.setInfo()
       
       if (-not (Test-Path $path)) { 
           $acl = (md $path).GetAccessControl()
           $perm = ($UserName + "@corp.we"),"Modify","ContainerInherit,ObjectInherit","None","Allow"
           $accessRule = new-object System.Security.AccessControl.FileSystemAccessRule $perm
           $acl.SetAccessRule($accessRule)
           $acl | Set-Acl -Path $Path
       }
    
    }
    
    


    [string](0..9|%{[char][int](32+("39826578840055658268").substring(($_*2),2))})-replace "\s{1}\b"
    • Edited by Bigteddy Friday, October 7, 2011 11:16 AM
    Friday, October 7, 2011 11:12 AM
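
The folder-creation and ACL step from the scripts above, written as an added example that is not part of the thread or any poster's code: it validates the CSV-supplied name before building the UNC path, grants by SID, and reads the ACL back to confirm the grant and flag broad write access. `New-HomeFolder` and the allowed-character pattern are assumptions; the share, domain and CSV path are the values used in the thread.

```powershell
# Added example: New-HomeFolder is a hypothetical helper, not code from the thread.
function New-HomeFolder {
    param(
        [Parameter(Mandatory = $true)] [string] $UserName,
        [string] $ShareRoot = '\\DC01\Home$',   # share used in the thread
        [string] $Domain    = 'corp'            # NetBIOS domain name used in the thread
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # The name comes from a CSV: reject separators, wildcards and '..' before it is
    # joined into a UNC path (assumed pattern; sAMAccountName is at most 20 characters).
    if ($UserName -notmatch '^[A-Za-z0-9][A-Za-z0-9._-]{0,19}\z') {
        throw "Refusing unsafe user name '$UserName'"
    }

    # Resolve the account to its SID first; Translate() throws if the account
    # does not exist, so no folder is created for a name that cannot be granted.
    $sid  = (New-Object System.Security.Principal.NTAccount($Domain, $UserName)).Translate($sidType)
    $path = [System.IO.Path]::Combine($ShareRoot, $UserName)

    if (Test-Path -LiteralPath $path) {
        # A folder that already exists may carry someone else's owner and ACEs.
        Write-Warning "$path already exists, owner: $((Get-Acl -Path $path).Owner)"
    } else {
        New-Item -Path $path -ItemType Directory | Out-Null
    }

    # Same grant as the accepted answer: Modify, inherited by subfolders and files.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl = Get-Acl -Path $path
    $acl.SetAccessRule($rule)
    Set-Acl -Path $path -AclObject $acl

    # Read the ACL back: confirm the user's ACE and list write access held by broad groups.
    $broad = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'   # Everyone, Authenticated Users, BUILTIN\Users
    $write = [System.Security.AccessControl.FileSystemRights]::Write
    $rules = (Get-Acl -Path $path).GetAccessRules($true, $true, $sidType)
    $granted = @($rules | Where-Object { $_.IdentityReference.Value -eq $sid.Value -and -not $_.IsInherited })
    if ($granted.Count -eq 0) { throw "ACE for $UserName not found on $path" }
    $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $broad -contains $_.IdentityReference.Value -and
        ($_.FileSystemRights -band $write)
    } | ForEach-Object { Write-Warning "$path is writable by $($_.IdentityReference.Value)" }
    $path
}

Import-Csv 'C:\script\list3.csv' | ForEach-Object { New-HomeFolder -UserName $_.UserName }
```

A warning about a broad group usually points at permissions inherited from the share root rather than at the per-user grant.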