Quest Set-QADUser -HomeDirectory

I am using the Quest Active Roles set-QADUser -Homedirectory with a script to update users from a excel file.  All works OK and the Homedirectory is updated in the user's profile, however, the actual folder is not created.  If I apply the setting in the user profile, the folder is created, so I know that the homedirectory folder is valid.  Any ideas on what I need to do so that the folder is created via the script.
Thanks in advance
Art
ajwellmanAsked:
Who is Participating?
 
tilbardConnect With a Mentor Commented:
The below, assuming that $user is the object captured via get-qaduser, should work.
HomeDirRoot: is set to the full UNC path to where the folder will be located. For instance, \\server1\storage\homes.

As you can see, setting permissions is a bit clunky in Powershell (at least v1, I haven't kept up with v2).

This will create a directory in HomeDirRoot:\ with the users samaccountname as the folder name, set the folder to inherit permissions from HomeDirRoot:\, then give the user modify access to it as well.

That's how I do it, anyways. May be (and probably are) better ways, but it works.
New-PSDrive -Name HomeDirRoot -Root "\\server\share\Homedirectoryroot" -PSProvider FileSystem
$Inherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propogation = [System.Security.AccessControl.PropagationFlags]"None"

# Test for existing directory, error if found, create if not
if (!(Test-Path "HomeDirRoot:\$($user.samaccountname)")){
   New-Item "HomeDirRoot:\$($user.samaccountname)" -type directory
   $ACLBase = Get-Acl HomeDirRoot:\
   $AddACL = "yourdomain\$($user.samaccountname)", "Modify", $Inherit, $propogation, "Allow"
   $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $AddACL
   $ACLBase.SetAccessRule($AccessRule)
   $ACLBase | Set-Acl "HomeDirRoot:\$($user.samaccountname)"
} else {
   write-host "Directory $($user.samaccountname) already exists"
}

Open in new window

0
 
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

You need to create the folder within the script. I know that's a bit of a repeat of what you've said above, but the create operation that takes place when you set this in the GUI is a function of the GUI, not a function of AD.

The simplest way would be to use:

New-Item "WhateverPath" -Type Directory

Does it also need to set permissions as well?

Chris
0
 
ajwellmanAuthor Commented:
Thanks for the info.  I thought that I would be able to create the directory with the cmdlet.  I have a vbscript that uses LDAP to create a user and then just sets the homedirectory property and it creates the corresponding folder with the proper permissions.  If I have to create the folder, then it will have to have the permissions set to give the user full control as it does when created using the GUI.  Do you have any examples on how to do that.  I am quite new to powershell scripting.
Thanks again for your help.
Art
0
 
ajwellmanAuthor Commented:
Thanks.
This works great and much neater than I was trying to do.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.