It’s been some time since my last post now, had a lot of things to do at work, but now I’m back OnTrack with my blogging.
Last time we checked out how to add group membership through PowerShell, so now we should have a nice test environment in place, based on Star Trek. In this post, we are going to script up users’ home folders and add each user to the correct folder. We’ll accomplish this through the following four steps:
- Add a Share on the Server
- Add unique folders for all Users
- Add unique Permissions to the Folders
- Edit the User Objects in Active Directory
I’m also going to re-use a script I wrote a couple of months ago, but we’ll get back to that.
Let’s start off by creating a Share. This can be done through the Create() method in the WMI class Win32_Share. The Win32_Share is well described in MSDN. Since we want to make the script re-usable, we should check if the Share already exists. This is a simple procedure through PowerShell.
PS > $Share = "C:\Share"
PS > $ShareName = "Share"
PS > if ((gwmi Win32_Share | Where { $_.Path -eq $Share}).Path -eq $Share ) {
>> Write-Host "Share: $ShareName already exists." -ForeGroundColor Red
>> }
If the share already exists, the message “Share: Share already exists.” is displayed; if not, we can continue with the script.
Now that we know that the share doesn’t exist, we have to check that the folder exists, and if not, create the folder.
PS > if (!(Test-Path $Share)) {
>> New-Item -Path $Share -type directory | Out-Null
>> }
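And finally, we can create our Share through WMI. Setting type to 0 creates a Disk Drive Share. Create() reports the outcome in its ReturnValue property (0 means success), which Out-Null discards here.
PS > $Type = 0
PS > $CreateShare = [wmiclass]"Win32_Share"
PS > $CreateShare.Create($Share,$ShareName,$Type) | Out-Null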
Now that the share is up and running, we can create our HomeFolders. First we set up our HomeDrive and HomeFolder variables; we’ll also set up a User for the example.
PS > $Share = "Share"
PS > $User = "jeapic"
PS > $HomeDrive = "H"
PS > $HomeDirectory = "\\" + $env:COMPUTERNAME + "\" + $Share + "\" + $User
Since the script runs on the server where the Share is created, we can use the environment variable to retrieve the computer name. Next, we want to check if the user already has the home drive and home directory set. We can use the Get-AD.ps1 script for this. I’m also adding the -ToObject switch since I want to use the object later on.
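PS > $Domain = "powershell.nu"
PS > $GetUser = ./Get-AD.ps1 -Domain $Domain -User $User -Filter sAMAccountName -ToObject
PS > # -eq rather than -match for the path: -match would read the backslashes in a UNC path as regex escapes
PS > if ($GetUser.homeDirectory -eq $HomeDirectory -AND $GetUser.homeDrive -match $HomeDrive) {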
>> Write-Host "User: $User HomeDrive Already Set" -ForeGroundColor Yellow
>> }
If the User already has the HomeDrive set, we won’t continue; if not, we can go ahead and add it. But before connecting the User to the folder, we want to create the folder and give the user FullControl of his HomeFolder. Keep in mind that FullControl, unlike Modify, also lets the user change the folder’s permissions and take ownership of it. Here we can use the Set-FolderPermission.ps1 script.
PS > $Domain = "powershell.nu"
PS > $DomainUser = $Domain + "\" + $User
PS > ./Set-FolderPermission.ps1 -Path $HomeDirectory -Access $DomainUser -Permission FullControl
The Set-FolderPermission.ps1 script both created the folder and set up the permissions for us; now all we have to do is set HomeDrive and HomeDirectory on the User Object.
PS > $GetUser.Put("homeDirectory",$HomeDirectory)
PS > $GetUser.Put("homeDrive",$HomeDrive)
PS > $GetUser.SetInfo()
And that’s it.
Running the script doesn’t require the Star Trek CSV file used in the other examples; it does, however, require you to loop through each user that you want to add a home folder to. In order to get a list of all Users within an OU you can use the Get-AD.ps1 script, as shown below.
PS > ./Get-AD.ps1 -domain "LDAP://OU=Star Trek: The Next Generation,DC=powershell,DC=nu" -User AllUsers -Property sAMAccountName | ForEach {
>> ./Add-STHomeFolder.ps1 -Domain powershell.nu -User $_.sAMAccountName -Share Share -HomeDrive H
>> }
All I have to do now is change the LDAP path above and repeat the ForEach on each OU that contains Users that I want to add a HomeFolder to.
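Once the loop has run, the ACLs can be read back to confirm that each folder really ended up with unique permissions. The following is an added example, not one of the post’s scripts; the function name, `$NetBios` and the `$Trusted` allow-list are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example (not from the original post). Assumed values: $Root, $NetBios
# and the $Trusted allow-list; adjust them to your environment.
$Root    = "C:\Share"        # folder behind the share created above
$NetBios = "POWERSHELL"      # assumed NetBIOS name of the powershell.nu domain
$Trusted = "BUILTIN\Administrators", "NT AUTHORITY\SYSTEM", "CREATOR OWNER"

function Get-HomeFolderAclFinding {
    param([string]$Root, [string]$NetBios, [string[]]$Trusted)

    Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $Folder = $_
        # The post names each home folder after the user's sAMAccountName.
        $Expected = "$NetBios\$($Folder.Name)"
        $Rules = (Get-Acl -Path $Folder.FullName).Access |
            Where-Object { $_.AccessControlType -eq "Allow" }

        # Finding 1: the folder's own user has no allow entry at all.
        if (-not ($Rules | Where-Object { $_.IdentityReference.Value -eq $Expected })) {
            [pscustomobject]@{
                Folder = $Folder.FullName; Identity = $Expected
                Rights = $null; Inherited = $null; Finding = "OwnerMissing"
            }
        }

        # Finding 2: someone other than that user or a trusted principal has access.
        foreach ($Rule in $Rules) {
            $Id = $Rule.IdentityReference.Value
            if ($Id -eq $Expected -or $Trusted -contains $Id) { continue }
            [pscustomobject]@{
                Folder = $Folder.FullName; Identity = $Id
                Rights = $Rule.FileSystemRights
                Inherited = $Rule.IsInherited; Finding = "UnexpectedAccess"
            }
        }
    }
}

Get-HomeFolderAclFinding -Root $Root -NetBios $NetBios -Trusted $Trusted |
    Format-Table Folder, Identity, Rights, Inherited, Finding -AutoSize
```

An `UnexpectedAccess` row with `Inherited` set to True points at the ACL of the share’s root folder rather than at the per-user entry.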
Click Here to Download the Add-STShare.ps1 Script.
Click Here to Download the Add-STHomeFolder.ps1 Script.
The Get-AD.ps1 script is also required.
Here’s the Set-Foldepermission.ps1 Script that’s also required.
Great script – but one “typo” that had me in fits until I found it. In your help text you list one of your parameters as “-User”. It should read “-Access”. If you run it with the “-User” flag, nothing happens.
I should add, this is for the “Set-FolderPermission.ps1” script (which is also misspelled in the text for your link. =)
Hi Niklas. I’m currently working as an intern at Zipper. Your book has helped me a great deal. I have gone through it word for word.
Right now I’m working with CSV files and PowerShell, and I’m going to create shares, so this is really great.
thx
It’s a great script, thank you for your help!!!
Thanks Niklas!
I used the “setfolderpermission.ps1” in my script to add home folders and update the user objects based on a list of AD users in a textfile.
http://newsweb.se/powershell-script-to-add-home-folder-path-in-windows-2003-ad-on-users-in-list-of-email-addresses/
//Jimi
Your search filter for person in the Get-AD.ps1 would be much more efficient if you change from:
$SearchFilter = '(&(objectClass=person)(!(objectClass=Computer)))'
to
$SearchFilter = '(&(objectClass=user)(objectCategory=Person))'
and change from:
$SearchFilter = "(&(objectClass=User)(&($Filter=$User)(! (objectClass=Computer))))"
to
$SearchFilter = "(&(objectClass=User)($Filter=$User)(objectCategory=Person))"
although this latter one will not provide a noticeable improvement unless it contains a wildcard in the $User parameter.
On the whole, LDAP filters with a not clause are very inefficient because it must evaluate every object that matches to evaluate the not clause. They often unjustly show up in the event log as inefficient query errors leading to interesting stand-offs with domain admins and operations managers who believe they are bad because they show up as errors due to crummy Microsoft default criteria and a weak set of metrics in the underlying database (not SQL but Jet Blue–and I don’t mean the airline).
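The filter shape proposed in the comment above, as an added example that is not part of the original comment or of Get-AD.ps1: because the filter is built by interpolating $Filter and $User, the value is escaped per RFC 4515 and `*` is let through only on request, which also keeps the wildcard case the comment mentions under the caller’s control. The function names are hypothetical and the sample values are constructed.

```powershell
# Added example, not part of Get-AD.ps1. Function names are hypothetical and
# the sample values at the bottom are constructed.
function ConvertTo-LdapFilterValue {
    param([string]$Value, [switch]$AllowWildcard)

    # RFC 4515: escape the backslash first, then the other special characters.
    $Escaped = $Value.Replace('\', '\5c').Replace('(', '\28').Replace(')', '\29')
    $Nul     = [string][char]0
    $Escaped = $Escaped.Replace($Nul, '\00')
    # A literal * becomes \2a unless the caller explicitly wants a wildcard search.
    if (-not $AllowWildcard) { $Escaped = $Escaped.Replace('*', '\2a') }
    return $Escaped
}

function New-UserSearchFilter {
    param([string]$Filter, [string]$User, [switch]$AllowWildcard)

    # The attribute name is interpolated too, so accept only plain LDAP names.
    if ($Filter -notmatch '^[A-Za-z][A-Za-z0-9-]*$') {
        throw "Unexpected attribute name: $Filter"
    }
    $Value = ConvertTo-LdapFilterValue -Value $User -AllowWildcard:$AllowWildcard
    # Filter shape suggested in the comment: no NOT clause.
    "(&(objectClass=User)($Filter=$Value)(objectCategory=Person))"
}

# Constructed inputs: a plain name, a value with special characters, a wildcard.
New-UserSearchFilter -Filter sAMAccountName -User "jeapic"
New-UserSearchFilter -Filter displayName -User "Picard (Jean-Luc)*"
New-UserSearchFilter -Filter sAMAccountName -User "je*" -AllowWildcard
```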