Solved

Powershell script create Home directory

Posted on 2013-12-04
2
1,115 Views
Last Modified: 2013-12-10
Hi

I downloaded the below script from MS, i was trying to create some folders, run the script as follows

PS C:\Users\Administrator> C:\CreateHomeFolder\CreateHomeFolder.ps1 -path "c:\userdata" -Userlist "c:\names.txt"

my names .txt contained 2 samaccountnames one under the other jsmith bgates (both thse users 100% exist in AD

When i run the script it gives me the error below in a csv file

"Name","IsCreated","Remark"
"bgates","No","Cannot find1 an object with name:'bgates'"
"jsmith","No","Cannot find1 an object with name:'jsmith'"




<#
The sample scripts are not supported under any Microsoft standard support 
program or service. The sample scripts are provided AS IS without warranty  
of any kind. Microsoft further disclaims all implied warranties including,  
without limitation, any implied warranties of merchantability or of fitness for 
a particular purpose. The entire risk arising out of the use or performance of  
the sample scripts and documentation remains with you. In no event shall 
Microsoft, its authors, or anyone else involved in the creation, production, or 
delivery of the scripts be liable for any damages whatsoever (including, 
without limitation, damages for loss of business profits, business interruption, 
loss of business information, or other pecuniary loss) arising out of the use 
of or inability to use the sample scripts or documentation, even if Microsoft 
has been advised of the possibility of such damages.
#> 

#requires -Version 2

<#
.SYNOPSIS 
    This Script can help you to create several folders, and assign appropriate permission to each folder.
.DESCRIPTION
	This Script can help you to create several folders, and assign appropriate permission to each folder.
.PARAMETER  Path
	Indicate the location, where these folders will be created.
.PARAMETER  UserList
	Indicate a TXT file, which contain a name list of several users, one Name each line. Script will create folder for these users.
.PARAMETER	FullControlMember
	Indicate the users or groups, who have the permission to access each user’s folder. 
	Domain admins and system account will be the default value, whatever -FullControlMember be chosen or not. This parameter is optional.
.EXAMPLE
    .\CreateHomeFolder.ps1 -Path "c:\test" -UserList "c:\list.txt” -FullControlMember "file admin","fileadmins"
	
 	This command will to create home folders for several users. Grant the exact user, 
	user “File Admin” and group “FileAdmins” Full control permission to this folders. 
.LINK
	http://msdn.microsoft.com/en-us/library/ms147785(v=vs.90).aspx
#>
param
(
	[String]$Path,
	[String]$UserList,
	[String[]]$FullControlMember
)

$Users=@()
$Results=@()
Import-Module ActiveDirectory
if (-not (Test-Path $Path))
{
	write-error	-Message "Cannot find path '$Path' because it does not exist."
	return
}
if (-not (Test-Path $UserList))
{
	write-error	-Message "Cannot find  '$UserList' because it does not exist."
	return
}
else
{
	$Users=Get-Content $UserList
}
#Check whether the input AD member is correct
if ($FullControlMember)
{
	$FullControlMember|ForEach-Object {
		if (-not(Get-ADObject -Filter 'Name -Like $_')){
			$FullControlMember= $FullControlMember -notmatch $_; Write-Error -Message "Cannot find an object with name:'$_'"
		}
	}
}
$FullControlMember+="NT AUTHORITY\SYSTEM","BUILTIN\Administrators"

foreach($User in $Users)
{	
	$HomeFolderACL=Get-Acl $Path
	$HomeFolderACL.SetAccessRuleProtection($true,$false)
	$Result=New-Object PSObject
	$Result|Add-Member -MemberType NoteProperty -Name "Name" -Value $User
	if (Get-ADUser -Filter 'Name -Like $User')
	{
		New-Item -ItemType directory -Path "$Path\$User"|Out-Null
		#set acl to folder
		$FCList=$FullControlMember+$User
		$FCList|ForEach-Object {
		$ACL=New-Object System.Security.AccessControl.FileSystemAccessRule($_,"FullControl","ContainerInherit,ObjectInherit","None","Allow")
								$HomeFolderACL.AddAccessRule($ACL)
								}
		Set-Acl -Path "$Path\$User" $HomeFolderACL
		$Result|Add-Member -MemberType NoteProperty -Name "IsCreated" -Value "Yes"
		$Result|Add-Member -MemberType NoteProperty -Name "Remark" -Value "N/A"
	}
	else
	{
		$Result|Add-Member -MemberType NoteProperty -Name "IsCreated" -Value "No"
		$Result|Add-Member -MemberType NoteProperty -Name "Remark" -Value "Cannot find an object with name:'$User'"
	}
	$Results+=$Result
}
#Generate a report
$Results|Export-Csv -NoTypeInformation -Path "$Path\Report.csv"
if ($?) {Write-Host "Please check the report for details: '$Path\Report.csv'"}

Open in new window



My AD is 2008 R2, can anyone see where i am going wrong, i am not specifying anyone in the -fullcontrolmember as it says by default the Domain Admins / System and the User will get this which is what i want

Many Thanks
0
Comment
Question by:ncomper
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 5

Accepted Solution

by:
ncomper earned 0 total points
ID: 39695931
I didn't notice there was already a comment on the download page stating to change line 79 to the below, this has fixed it

if (Get-ADUser -Filter "SamAccountName -eq '$User'")

However next problem i have is that its automatically partially sharing each individual folder out which i don't want as the top level folder is shared, can anyone help modify the script so it does not do this,

I say it is only partially sharing because if i actually look at the properties of the folders it tells me that its not shared, however if i try and delete the folders i get a warning stating its shared!!! If i browse to \\servername\ they do not show up either so im sure they are not actually shared.


 I cant tell which part is setting the NTFS security and which is configuring the share

Thanks
0
 
LVL 5

Author Closing Comment

by:ncomper
ID: 39709215
Closing as got no responces
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question