Auto create user folders with permissions

We're using Win2k12r servers and active directory. The users already have their own user drive, so the below folders would be on another server. Also we use login scripts already to auto map their user and workgroup drives.

We'd like folder to be created on a file server for each of our users personal use and permissions assigned so that only the administrator and user has access.

Also we'd like a drive mapped out to the users folder when they login.

If we don't auto create and apply permissions, we'll need to create 2000 or so folders for each user and assign permissions to them manually.

a created a share on a server and want the folders created in the folder on this share.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mick FinleyNetwork EngineerCommented:
The below will assign a home folder for users, it just needs to be looped for each UserName;

New-Item -ItemType directory -Path "\\ServerName\$UserName" #create Folder
takeown /f $folder /A /R /D y #give admin owner
ICACLS "\\ServarName\$ID" /grant:r "domain\${UserName}:(OI)(CI)F" /T #gran user full permissions
Set-ADUser -Identity $ID -HomeDirectory \\ServerName\$UserName -HomeDrive "H:" #set AD property
bernardbAuthor Commented:
Hello Mickfinley,

This can be used in a batch file to create a folder for each user, grant the users full permissions to the folder on a specific folder? Even though they all ready have a home directory, and this is another folder created for them on another server? This can be added to their logon script?

New-Item -ItemType directory -Path "\\Serverx\$UserName" #create Folder
 takeown /f $folder /A /R /D y #give admin owner
 ICACLS "\\Serverx\$ID" /grant:r "domain\${UserName}:(OI)(CI)F" /T #gran user full permissions
 Set-ADUser -Identity $ID -HomeDirectory \\ServerName\$UserName -HomeDrive "H:" #set AD property
Mick FinleyNetwork EngineerCommented:
If they already have a home directory within their AD profile properties, then the script would need modified:

the first 3 lines will create the folder and give permissions.  Removing the last line and replacing it with a mapped drive command in a login script would do the rest.  

Your statement " Also we use login scripts already to auto map their user and workgroup drives."  I get the idea the user's AD profile properties does not contain a home folder.  Also, this is powershell code.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.