Solved

Quest Set-QADUser -HomeDirectory

Posted on 2010-01-08
Last Modified: 2012-05-08
I am using the Quest Active Roles Set-QADUser -HomeDirectory with a script to update users from an Excel file.  All works OK and the HomeDirectory is updated in the user's profile; however, the actual folder is not created.  If I apply the setting in the user profile, the folder is created, so I know that the HomeDirectory folder is valid.  Any ideas on what I need to do so that the folder is created via the script?
Thanks in advance
Art
0
Question by:ajwellman
 

Assisted Solution

by:Chris Dent
Chris Dent earned 800 total points
ID: 26209791

You need to create the folder within the script. I know that's a bit of a repeat of what you've said above, but the create operation that takes place when you set this in the GUI is a function of the GUI, not a function of AD.

The simplest way would be to use:

New-Item "WhateverPath" -Type Directory

Does it also need to set permissions as well?

Chris
0
 

Author Comment

by:ajwellman
ID: 26211942
Thanks for the info.  I thought that I would be able to create the directory with the cmdlet.  I have a VBScript that uses LDAP to create a user and then just sets the homedirectory property, and it creates the corresponding folder with the proper permissions.  If I have to create the folder, then it will have to have the permissions set to give the user full control as it does when created using the GUI.  Do you have any examples of how to do that?  I am quite new to PowerShell scripting.
Thanks again for your help.
Art
0
 

Accepted Solution

by:tilbard
tilbard earned 1200 total points
ID: 26476337
The below, assuming that $user is the object captured via get-qaduser, should work.
HomeDirRoot: is set to the full UNC path to where the folder will be located. For instance, \\server1\storage\homes.

As you can see, setting permissions is a bit clunky in PowerShell (at least v1, I haven't kept up with v2).

This will create a directory in HomeDirRoot:\ with the user's samaccountname as the folder name, set the folder to inherit permissions from HomeDirRoot:\, then give the user modify access to it as well.

That's how I do it, anyways. There may be (and probably are) better ways, but it works.

# Map the share that holds the home folders as a PowerShell drive
New-PSDrive -Name HomeDirRoot -Root "\\server\share\Homedirectoryroot" -PSProvider FileSystem
# The user's entry applies to the folder, its subfolders and its files
$Inherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propogation = [System.Security.AccessControl.PropagationFlags]"None"

# Test for existing directory, report it if found, create it if not
if (!(Test-Path "HomeDirRoot:\$($user.samaccountname)")){
   New-Item "HomeDirRoot:\$($user.samaccountname)" -type directory
   # Start from the ACL of the root folder
   $ACLBase = Get-Acl HomeDirRoot:\
   # Build an Allow/Modify rule for the user and add it to that ACL
   $AddACL = "yourdomain\$($user.samaccountname)", "Modify", $Inherit, $propogation, "Allow"
   $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $AddACL
   $ACLBase.SetAccessRule($AccessRule)
   # Apply the combined ACL to the new home folder
   $ACLBase | Set-Acl "HomeDirRoot:\$($user.samaccountname)"
} else {
   write-host "Directory $($user.samaccountname) already exists"
}

0
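
An added example, not part of the thread or any poster's code: because the home folder takes its permissions from the share root, this sketch creates the folder, grants the user Modify by SID, and then lists any Allow entries held by broad groups that every home folder would pick up from the root. The function names New-HomeFolder and Get-BroadAce are hypothetical, PowerShell 3.0 or later on Windows is assumed, and a temp folder and the current user are constructed stand-ins for the share and for $user.

```powershell
# Added example; New-HomeFolder and Get-BroadAce are hypothetical names.
function New-HomeFolder {
    param([Parameter(Mandatory=$true)][string]$Root,     # e.g. \\server1\storage\homes
          [Parameter(Mandatory=$true)][string]$Account)  # e.g. yourdomain\jsmith
    $path = Join-Path $Root ($Account.Split('\')[-1])
    if (Test-Path -LiteralPath $path) { throw "Directory $path already exists" }

    # Resolve the account to a SID first, so a mistyped name fails before
    # anything is created and the entry cannot bind to the wrong principal.
    $sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier])
    New-Item -Path $path -ItemType Directory | Out-Null

    # Start from the new folder's own ACL (entries inherited from the root stay
    # inherited) and add one explicit Modify entry for the user.
    $acl   = Get-Acl -LiteralPath $path
    $flags = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $rule  = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
                        -ArgumentList $sid, 'Modify', $flags, 'None', 'Allow'
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $path -AclObject $acl
    $path
}

# Lists Allow entries held by broad groups: Everyone, Authenticated Users,
# BUILTIN\Users, and any domain's Domain Users group (RID 513).
function Get-BroadAce {
    param([Parameter(Mandatory=$true)][string]$Path)
    $broad = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($broad -contains $_.IdentityReference.Value -or
         $_.IdentityReference.Value -match '^S-1-5-21-.+-513$')
    } | Select-Object @{n='Sid'; e={$_.IdentityReference.Value}}, FileSystemRights, IsInherited
}

# Constructed demo: a temp folder stands in for the share root and the
# current user for $user, so this runs without a domain or file server.
$root = Join-Path $env:TEMP ("homes-" + [guid]::NewGuid())
New-Item -Path $root -ItemType Directory | Out-Null
$me     = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$folder = New-HomeFolder -Root $root -Account $me
Get-BroadAce -Path $folder | Format-Table -AutoSize   # empty output = no broad grants
Remove-Item -LiteralPath $root -Recurse
```

Run against a real share root, any row with IsInherited set to True points at a grant on the root that every home folder receives.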
 

Author Closing Comment

by:ajwellman
ID: 31674518
Thanks.
This works great and is much neater than what I was trying to do.
0
