Solved

Change / Set Homedrive path in AD

Posted on 2014-09-02
Last Modified: 2014-11-12
Hello,

We want to change the Homedrive path location in AD.


At the moment the path is

for $employeetype A
\\oldserver01\%username%$

for $employeetype B
\\oldserver02\%username%$

We want to change it to a single namespace with different paths for each employee type

\\newserver\dfs\staffhomesA$\%username%

\\newserver\dfs\staffhomesB$\%username%


I am hoping it would be something as simple as filtering users in AD based on employee type and setting their homedrive letter and path accordingly.



So this way we only have two main shares, which already exist, as opposed to hundreds of user shares. We will be using the same paths for folder redirection, by the way (which begs the question, why do we need to set a home drive in AD at all, if the path is being created as part of folder redirection group policy anyway - can't we just map the letter via GPO to the folder redirection path and not bother with the AD home drive setting?)


Thanks!
Question by:rookie_b
LVL 5

Expert Comment

by:bernardbrink
ID: 40298022
You could use GPO to map the drives, and create an item-level target for a certain OU, security group, etc.
Read more about item level targeting:
http://www.windowsnetworking.com/articles-tutorials/netgeneral/Group-Policy-Preferences-Top-5-Item-Level-Targeting-Options.html
and here http://www.alexcomputerbubble.com/using-group-policy-preferences-gpp-to-map-user-home-drive/

This is also possible with VBScript or PowerShell, but that would require programming skill. If you want, I could help you set up the basics.
0
 
LVL 5

Assisted Solution

by:Dejan Vasiljevic
Dejan Vasiljevic earned 1000 total points
ID: 40298295
Hello rookie_b,

I will give You a full guide on how to do that.
1) So the old path is \\oldserver01\%username%$ and the new one is \\newserver\dfs\staffhomesA$\%username%

2) You will need to back up the registry share entries and merge them into the new server. You can look at it here http://support.microsoft.com/?kbid=125996 and it is very simple. You will also need to export the registry key

3) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Shares from Your old server and then import the resultant .reg file to the new one.
Also make sure the new LUN drive letter is identical to the old backup drive letter.

Then You will need to set the share permissions for the new folder.

After that download Robocopy GUI File Transfer Utility from this site  - http://www.mytechguide.org/605/microsoft-robocopy-gui/ - And yes it is free. Install it as a domain admin.

When You open it You will see the path tab and in it the source and target/destination folders. Type them in. Go to the "Copy Options" tab and check these - /SEC /COPYALL /E /ZB - and the Retry Options should both be checked, with the /R box set to 10 and the /W box set to 30.

Then go to Logging and check /V and /NP if they are not checked. Check /LOG also, if it is not checked, so it will create a log after it is done. Then You are ready to hit run, so You should do it.

Now go to this site - http://admodify.codeplex.com/ - and download ADModify.net, and yes, it is also free. It's not an installation, so just double click it.
1) Click on Modify Attributes. After that You will be taken to the new configuration interface. Select Your domain list and DC list and remove all ticks from the boxes except users. Manually select the destination OU where Your users exist and click add to list>>
2) You will get a new window and You simply have to change the path to the new one. Because You need a bulk change, You have to do it like this: \\newserver\dfs\staffhomesA$\%AmAccountName% and it will create and do the changes for every user.
3) Click on go and You will get the log after that. And the last thing: go to AD Users and Computers and You will see the old home folder path changed to the new path...
I think that is it, You should be fine with those. And even though it is a big article, it is fairly simple and You should not get into any trouble.

Thanks for reading :D

D.
0
 

Author Comment

by:rookie_b
ID: 40298581
Thank you for your responses. Very helpful indeed!

Hi, bernardbrink,

A PowerShell script would be ideal as we want to run it on a daily basis to set the properties for any new users, while ignoring the ones that already have their new drive mapped correctly. I think that ideally it would get AD users that have a certain $employeetype attribute and set the drive to the appropriate new mapping, plus some logic to ignore any users whose new home drives already exist on the new server and have been mapped. I wouldn't know where to start though, so any help would be much appreciated!


Hi Dejan,

The Robocopy looks like it would do the trick, so thank you very much for this. I haven't tried admodify yet, but it also looks great at first glance, although I would like if possible to script the process so it runs every morning to sweep any new users.

We want to abandon the existing shares completely and only use the higher level staffusersA$ and staffusersB$ shares, which already exist, and each user gets a %username% folder under these, but a really cool tip for exporting the shares through registry, I'm sure I will be using this in the future.

Thanks!
0

 
LVL 5

Expert Comment

by:bernardbrink
ID: 40300319
Did you already set an attribute with the employeetype? Or do you have a security group per employeetype?
If you could provide me with this information, I can create the basic AD query.

The check could be a filter on homedirectory like oldserver01 or oldserver02.
After that, it's only a matter of writing the right homedirectory back to the AD. Or do you need to copy the home drive as well?
0
 

Author Comment

by:rookie_b
ID: 40302938
Yes, we have the employeetype attribute set for each user as part of the account import process, as well as a security group for each of the security types.
0
 
LVL 5

Expert Comment

by:bernardbrink
ID: 40303012
Can you work with something like this:
# The wildcard in an AD filter is "*"; match users still pointing at either old server
[Array]$users = Get-ADUser -Filter 'employeeType -eq "Admin" -and (homeDirectory -like "*oldserver01*" -or homeDirectory -like "*oldserver02*")' -SearchBase "DC=ON,DC=local" | Select-Object distinguishedName,SamAccountName
foreach ($user in $users)
{
    Write-Host $user.distinguishedName
    $username = $user.SamAccountName
    # The backtick keeps the "$" of the share name literal; $username is expanded
    Set-ADUser -Identity $user.distinguishedName -HomeDirectory "\\newserver\dfs\staffhomesA`$\$username"
}

0
 

Author Comment

by:rookie_b
ID: 40305552
This looks very promising. Would these two work like that if we run them separately like that?

# Type A users whose home directory still points at oldserver01 ("*" is the AD filter wildcard)
[Array]$users = Get-ADUser -Filter 'employeeType -eq "A" -and homeDirectory -like "*oldserver01*"' -SearchBase "DC=ON,DC=local" | Select-Object distinguishedName,SamAccountName
foreach ($user in $users)
{
    Write-Host $user.distinguishedName
    $username = $user.SamAccountName
    Set-ADUser -Identity $user.distinguishedName -HomeDirectory "\\newserver\dfs\staffhomesA`$\$username"
}





and then a different one for type B



# Type B users whose home directory still points at oldserver02 ("*" is the AD filter wildcard)
[Array]$users = Get-ADUser -Filter 'employeeType -eq "B" -and homeDirectory -like "*oldserver02*"' -SearchBase "DC=ON,DC=local" | Select-Object distinguishedName,SamAccountName
foreach ($user in $users)
{
    Write-Host $user.distinguishedName
    $username = $user.SamAccountName
    Set-ADUser -Identity $user.distinguishedName -HomeDirectory "\\newserver\dfs\staffhomesB`$\$username"
}




And lastly, for new starters, can we have a script that runs on a scheduled task, picks new users and sets their home directory, while ignoring existing ones that have the home drive set? I guess I would start with something like this:


# Every type A user, with no exclusion of users that already have a home directory
[Array]$users = Get-ADUser -Filter 'employeeType -eq "A"' -SearchBase "DC=ON,DC=local" | Select-Object distinguishedName,SamAccountName
foreach ($user in $users)
{
    Write-Host $user.distinguishedName
    $username = $user.SamAccountName
    Set-ADUser -Identity $user.distinguishedName -HomeDirectory "\\newserver\dfs\staffhomesA`$\$username"
}




But not sure how to go about the logic of excluding existing ones. How do I define that they do not have a home drive set? Also, would it break if a folder already exists on \\newserver\dfs\staffhomesA$\?

Thank you!
0
 
LVL 5

Accepted Solution

by:
bernardbrink earned 1000 total points
ID: 40305597
The first 2 scripts can run as far as I can tell.
Make 2 separate ps1 files, or mind the variable names.

Regarding the last question: you could search/filter users without a homedrive set.

# homeDirectory -notlike "*" matches users that have no home directory set
[Array]$users = Get-ADUser -Filter 'employeeType -eq "A" -and homeDirectory -notlike "*"' -SearchBase "DC=ON,DC=local" | Select-Object distinguishedName,SamAccountName
foreach ($user in $users)
{
    Write-Host $user.distinguishedName
    $username = $user.SamAccountName
    # -WhatIf only previews the change; remove it to apply
    Set-ADUser -Identity $user.distinguishedName -HomeDirectory "\\newserver\dfs\staffhomesA`$\$username" -WhatIf
}


You can test the above commands by using the -Whatif parameter, this way you'll get a preview.
(http://www.computerperformance.co.uk/powershell/powershell_whatif_confirm.htm)
0
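
Added example, not part of the thread and not any poster's code: a single script for the daily scheduled task discussed above that covers both employee types and is safe to re-run. It skips users whose homeDirectory is already correct, leaves an existing folder untouched, and creates a missing folder with a per-user Modify ACE, since Set-ADUser only writes the attribute. The H: drive letter, the ON NetBIOS name and the function names are assumptions.

```powershell
# Added example (not from the thread). Drive letter, NetBIOS name and function names are assumptions.
Import-Module ActiveDirectory

$HomeRoots = @{                      # employeeType -> parent share from the question
    'A' = '\\newserver\dfs\staffhomesA$'
    'B' = '\\newserver\dfs\staffhomesB$'
}
$HomeDrive  = 'H:'                   # assumed drive letter
$NetBIOS    = 'ON'                   # assumed NetBIOS domain name for the ACL identity
$SearchBase = 'DC=ON,DC=local'       # search base used in the thread

function Get-HomePath {
    param([string]$EmployeeType, [string]$SamAccountName)
    if (-not $HomeRoots.ContainsKey($EmployeeType)) { return $null }
    # Only plain names become folder names, so a value can never leave the parent share
    if ($SamAccountName -notmatch '^[A-Za-z0-9_-][A-Za-z0-9._-]*$') { return $null }
    '{0}\{1}' -f $HomeRoots[$EmployeeType], $SamAccountName
}

function Set-UserHome {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)]$User)

    $path = Get-HomePath -EmployeeType $User.employeeType -SamAccountName $User.SamAccountName
    if (-not $path) { Write-Warning "Skipped $($User.DistinguishedName): no valid target"; return }
    if ($User.homeDirectory -eq $path) { return }        # already migrated, nothing to do

    # An existing folder is left untouched; a missing one is created with a per-user ACE
    if (-not (Test-Path -LiteralPath $path) -and
        $PSCmdlet.ShouldProcess($path, 'Create folder and grant user Modify')) {
        New-Item -ItemType Directory -Path $path | Out-Null
        $acl  = Get-Acl -LiteralPath $path
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            "$NetBIOS\$($User.SamAccountName)", 'Modify',
            'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
        Set-Acl -LiteralPath $path -AclObject $acl
    }
    Set-ADUser -Identity $User.DistinguishedName -HomeDrive $HomeDrive `
               -HomeDirectory $path -WhatIf:$WhatIfPreference
}

foreach ($type in $HomeRoots.Keys) {
    Get-ADUser -Filter "employeeType -eq '$type'" -SearchBase $SearchBase `
               -Properties employeeType, homeDirectory |
        ForEach-Object { Set-UserHome -User $_ -WhatIf }   # drop -WhatIf after review
}
```

The task account needs write access to the users' homeDirectory and homeDrive attributes and permission to create folders under both shares, and nothing more.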
 

Author Comment

by:rookie_b
ID: 40309745
Thanks, I will test and report back the results.

Cheers!
0


Question has a verified solution.
