PowerShell Script to add home folder path in Windows 2003 AD for users in a list of email addresses

So you need to assign and create home folders for a bunch of users and don't really feel like doing it the GUI way, one by one?

I had this problem, and I also needed to specify which users to create folders for by a list; since email addresses are a good primary key, I based my script on that.

This script will create the folders, set permissions and update this information on the user objects in AD.

First, do read:

In Microsoft's "How to assign a home folder to a user" you will find out how to assign home folders in the GUI or by script. When you assign a home folder in AD Users and Computers, AD takes care of creating the folder on the specified share, but when you assign a home folder using the scripts they provide, all you get is the path mapped on the user's computer and in the AD user object; the folder itself is not created.

Then, do read:

This script needs the path to a text file with the users' email addresses** (one address per line), the domain name, the path to the root of the user share and a drive letter for the home folder (use a "high" one so you don't get conflicts with card readers etc.).

** Can easily be changed to display name or sAMAccountName

! The script will set the user's home folder name to "samaccountname_givenName-sn" (e.g. "jifr_Jimi-Friis")
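The script pastes each line of the input file straight into its LDAP filter, "(mail=$user)". A blank line gives the invalid filter "(mail=)" and the search throws; a line that contains filter metacharacters such as "*", "(", ")" or "\" either breaks the search or widens it beyond the one user you meant. The following is an added example, not part of the original script, of validating and escaping one input line before it reaches the directory. The function names New-MailFilter and ConvertTo-LdapFilterValue are my own, and the sample lines at the bottom are constructed.

```powershell
# Added example, not part of the original script: validate and escape one input line
# before it is embedded in the LDAP filter that ConvertUser builds.

# Escape the characters that RFC 4515 gives special meaning inside a filter value
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory = $true)][string]$Value)
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        switch ($ch) {
            '\'       { [void]$sb.Append('\5c') }
            '*'       { [void]$sb.Append('\2a') }
            '('       { [void]$sb.Append('\28') }
            ')'       { [void]$sb.Append('\29') }
            ([char]0) { [void]$sb.Append('\00') }
            default   { [void]$sb.Append($ch) }
        }
    }
    $sb.ToString()
}

# Build the filter for one input line; return $null (with a warning) when the line must be skipped
function New-MailFilter {
    param([string]$Line)
    $mail = $Line.Trim()
    if (-not $mail) { return $null }                      # blank line in the input file
    # Accept a plain address only: exactly one "@", no whitespace, no filter metacharacters.
    # If you switch the script to displayName, loosen this pattern but keep the escaping.
    if ($mail -notmatch '^[^\s@*()\\]+@[^\s@*()\\]+\.[A-Za-z0-9-]+$') {
        Write-Warning "Skipping input line that is not a plain email address: '$mail'"
        return $null
    }
    # Escaping is belt and braces here: the pattern above already rejects the metacharacters
    "(&(objectClass=user)(mail=$(ConvertTo-LdapFilterValue $mail)))"
}

# Constructed sample lines: a valid address, a lone wildcard, a blank line, and a display name
foreach ($line in @('jifr@example.com', '*', '', 'Jimi Friis')) {
    $filter = New-MailFilter $line
    if ($filter) { Write-Host "Search filter: $filter" } else { Write-Host "Skipped: '$line'" }
}
```

To use it in the script, call New-MailFilter on the line read from the file and assign the result to $objSearcher.Filter, returning early when it is $null. Only the first constructed line produces a filter; the other three are skipped before any search is issued.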


Then, do copy, modify and enjoy! As always, at your own risk 🙂

##***************************************************************************
## ***** Script Header *****

## File Name:  AD_getUserLogonName_fromList_CreateAndSetHomFolder.ps1
# Author : Jimi Friis, www.newsweb.se
# Created: 2012-06-05
#
# Purpose:  Set up home folders for Active Directory users specified as email addresses in a text file
#
# How it works:
# The script loads a text file with one email address per line.
# For each email address the script checks whether it belongs to a valid user and whether that user has a home folder set.
# If the user has a home folder, nothing is done.
# If the user does not have a home folder, the script sets a drive letter and a path on the user object in AD,
#  then checks whether a folder with the right permissions exists at that path;
#  if not, the folder is created and/or "FullControl" permission is granted to the user on the user's home folder.

# Good to know:
# The script sets the user's home folder name to "samaccountname_givenName-sn" (e.g. "jifr_Jimi-Friis")
# - change this to meet your needs.
# The user has to log on to the computer after this update to get the home path mapped on the local computer
# - log off, log on.
# This script is easy to change to use displayName or sAMAccountName as input data instead of email address.
#
#  Thanks To:
# The functions for retrieving users from AD are based on this script by Bram de Jager:
#  http://bramdejager.wordpress.com/2011/05/30/powershell-script-for-retrieving-ad-user-attributes-based-on-display-name/
#
# The functions for creating the user folder and setting the security permission on that folder
#  are from the script http://www.powershell.nu/wp-content/uploads/2009/02/setfolderpermission.ps1 provided by Niklas Goude at http://www.powershell.nu
##***************************************************************************

# clear screen
Clear-Host

############################
## Change these variables ##
$USERS_HOME = '\\YOUR_FILE-SERVER\home$\'   # UNC root of the home share (single quotes keep the "$" literal)
$USERS_HOME_DRIVE = 'U:'
$DOMAIN = 'YOUR_DOMAINNAME_HERE'
$INPUT_DATA_FILE = '.\UsersToCreateHomeFolder.txt'

## No need to change anything below ##
######################################

### Search Scope ###
# Subtree  - default if nothing is chosen; searches the whole subtree, including the base object and all its child objects.
# Base     - limits the search to the base object. The result contains a maximum of one object.
# OneLevel - searches the immediate child objects of the base object, excluding the base object.
$searchScope = 'Subtree'

### Search Filter Examples ##
## disabled     = (userAccountControl:1.2.840.113556.1.4.803:=2)
## not disabled = (!(userAccountControl:1.2.840.113556.1.4.803:=2))
#####################
#$strFilter = "(&(objectclass=Computer)(userAccountControl:1.2.840.113556.1.4.803:=2))"
#$strFilter = "(&(objectclass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
#$strFilter = "(objectclass=user)"
#$strFilter = "(&(objectclass=user)(!(objectclass=Computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

# Bind to the default naming context of the domain the script runs in
$objDomain = New-Object System.DirectoryServices.DirectoryEntry

# get user objects from email address (easy to change to displayName or sAMAccountName)
function ConvertUser([string]$user) {

    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = $objDomain
    $objSearcher.Filter = "(&(objectClass=user)(mail=$user))"
    # Example using displayName instead of email to get user objects:
    # $objSearcher.Filter = "(&(objectClass=user)(displayName=$user))"

    $objSearcher.SearchScope = $searchScope
    ### attributes to load from the object
    $objSearcher.PropertiesToLoad.AddRange(@('name', 'givenname', 'sn', 'samaccountname', 'displayname', 'homedrive', 'homedirectory'))

    $colResults = $objSearcher.FindAll()

    foreach ($objResult in $colResults) {
        $objItem = $objResult.Properties
        # "Name: "      + $objItem.name
        # "HomeDrive: " + $objItem.homedrive
        # "HomeDir: "   + $objItem.homedirectory

        # IF NO HOME DRIVE IS SET (an attribute that is empty in AD is absent from the result properties)
        if (-not $objItem.Contains('homedrive')) {
            # get the user's directory entry to enable updates
            $objItemDirEntry = $objResult.GetDirectoryEntry()

            Write-Host 'Info:' $objItem.name 'has no home drive' $objItem.homedirectory

            # home folder name: samaccountname_givenName-sn
            $sam = [string]$objItem.samaccountname[0]
            $usersHomeFolder = $USERS_HOME + $sam + '_' + [string]$objItem.givenname[0] + '-' + [string]$objItem.sn[0]
            #$usersHomeFolder = $USERS_HOME + [string]$objItem.displayname[0]
            Write-Host 'Adding home drive' $usersHomeFolder

            ## create the user's folder and set permissions by calling CreateUserFolder
            $DomainUser = $DOMAIN + '\' + $sam
            $Permission = 'FullControl'
            CreateUserFolder $usersHomeFolder $DomainUser $Permission

            ## ADD HOME DIRECTORY
            $objItemDirEntry.homeDirectory = $usersHomeFolder
            $objItemDirEntry.homeDrive = $USERS_HOME_DRIVE
            $objItemDirEntry.SetInfo()
        }
        else {
            $Output = 'User ' + $objItem.name + ' ; ' + $objItem.givenname + ' ; ' + $objItem.sn + ' ; has home folder set ; Drive: ' + $objItem.homedrive + ' ; Path: ' + $objItem.homedirectory
            Write-Host $Output
        }
    }
}

### DIRECTORY FUNCTIONS (setfolderpermission.ps1) ##
## Create the user folder and set permissions
function CreateFolder ([string]$Path) {

    # Check if the folder exists
    if (Test-Path -LiteralPath $Path) {
        Write-Host "Folder: $Path Already Exists" -ForegroundColor Yellow
    } else {
        Write-Host "Creating $Path" -ForegroundColor Green
        New-Item -Path $Path -ItemType Directory | Out-Null
    }
}

function SetAcl ([string]$Path, [string]$Access, [string]$Permission) {

    # Get the ACL on the folder
    $GetACL = Get-Acl -Path $Path

    # Set up the access rule: applies to this folder, its subfolders and its files
    $AllInherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $AllPropagation = [System.Security.AccessControl.PropagationFlags]"None"
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($Access, $Permission, $AllInherit, $AllPropagation, "Allow")

    # Check if an entry for this identity already exists
    if ($GetACL.Access | Where-Object { $_.IdentityReference.Value -eq $Access }) {

        Write-Host "Modifying Permissions For: $Access" -ForegroundColor Yellow

        # Reset: remove all existing rules for this identity, then add the new rule
        $AccessModification = [System.Security.AccessControl.AccessControlModification]::Reset
        $Modification = $False
        $GetACL.ModifyAccessRule($AccessModification, $AccessRule, [ref]$Modification) | Out-Null
    } else {

        Write-Host "Adding Permission: $Permission For: $Access"

        $GetACL.AddAccessRule($AccessRule)
    }

    Set-Acl -AclObject $GetACL -Path $Path
    Write-Host "Permission: $Permission Set For: $Access" -ForegroundColor Green
}

# Create the user folder and set permissions
function CreateUserFolder ([string]$Path, [string]$Access, [string]$Permission) {
    CreateFolder $Path
    SetAcl $Path $Access $Permission
}

# call ConvertUser for each entry in the input file
function ConvertUsers {
    process {
        # trim surrounding whitespace and skip blank lines (an empty value would give the invalid filter "(mail=)")
        $line = $_.Trim()
        if ($line) { ConvertUser $line }
    }
}

# read input file with email addresses (could be displayName or another value)
Get-Content $INPUT_DATA_FILE | ConvertUsers
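The script reports what it did while it runs, but it leaves no record you can re-check later, and the two halves of its work (the homeDirectory attribute in AD and the folder plus ACE on the share) can drift apart: a folder can be deleted, or an ACE removed, without the attribute changing. The following is an added example, not part of the original script, of a read-only audit that walks the same input file and reports, per address, whether the attribute is set, whether the folder exists, and whether the explicit Allow FullControl ACE the script grants is still there. It assumes the $DOMAIN and $INPUT_DATA_FILE variables from the script above, and that the account running it can read the user objects and the folder ACLs; the function name Test-HomeFolderState and the Status values are my own.

```powershell
# Added example, not part of the original script: read-only audit of a completed run.
# Nothing in AD or on the share is modified.

$FullControl = [System.Security.AccessControl.FileSystemRights]::FullControl

# Return one status object per input address
function Test-HomeFolderState {
    param(
        [Parameter(Mandatory = $true)][string]$Mail,
        [Parameter(Mandatory = $true)][string]$Domain
    )
    # Only plain addresses reach the directory; anything else is reported, not searched
    if ($Mail -notmatch '^[^\s@*()\\]+@[^\s@*()\\]+$') {
        return New-Object PSObject -Property @{ Mail = $Mail; SamAccountName = $null; Path = $null; Status = 'SkippedMalformed' }
    }

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(&(objectClass=user)(mail=$Mail))"
    [void]$searcher.PropertiesToLoad.AddRange(@('samaccountname', 'homedirectory', 'homedrive'))
    $result = $searcher.FindOne()

    if ($result -eq $null) {
        return New-Object PSObject -Property @{ Mail = $Mail; SamAccountName = $null; Path = $null; Status = 'NoSuchUser' }
    }

    $props = $result.Properties
    $sam   = [string]$props['samaccountname'][0]
    $path  = $null
    if ($props.Contains('homedirectory')) { $path = [string]$props['homedirectory'][0] }

    if (-not $path) {
        $status = 'NoHomeDirectoryAttribute'
    } elseif (-not (Test-Path -LiteralPath $path)) {
        $status = 'FolderMissing'          # attribute is set, but nothing exists on the share
    } else {
        # Look for an Allow ACE for DOMAIN\sam whose rights include FullControl
        $identity = "$Domain\$sam"
        $acl = Get-Acl -Path $path
        $ace = $acl.Access | Where-Object {
            $_.IdentityReference.Value -eq $identity -and
            $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow -and
            (($_.FileSystemRights -band $FullControl) -eq $FullControl)
        }
        if ($ace) { $status = 'OK' } else { $status = 'AceMissing' }
    }

    New-Object PSObject -Property @{ Mail = $Mail; SamAccountName = $sam; Path = $path; Status = $status }
}

Get-Content $INPUT_DATA_FILE |
    Where-Object { $_.Trim() } |
    ForEach-Object { Test-HomeFolderState -Mail $_.Trim() -Domain $DOMAIN } |
    Format-Table Mail, SamAccountName, Status, Path -AutoSize
```

Run it after the script, and again whenever you want to confirm the share still matches AD. Everything that is not 'OK' is a row to look at: 'FolderMissing' means the user will get a drive letter that points nowhere at next logon, and 'AceMissing' means the folder exists but the user no longer holds the explicit FullControl entry the script set.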
