Powershell script to create user home directory and DFS namespace target

Posted on By Mike No Comments on Powershell script to create user home directory and DFS namespace target
Active Directory, PowerShell, Windows

Creating a new users home directory and corresponding DFS namespace target. The script can also force all domain controllers to fully sync up in case you have multiple sites. Sync is enabled by default, however it can be disabled. This powershell script does require WinRM to be enabled for sync to work. You need to have setup the DFS namespace root path already.


CreateHome -user $target -server $server -dfsNamespacePath "\\example.com\UserFolders" -sync $true

Function CreateHome {
[CmdletBinding()]
Param (
[Parameter(Mandatory=$True,Position=0)]
[string]$user,
[Parameter(Mandatory=$True,Position=1)]
[string]$server,
[Parameter(Mandatory=$True,Position=2)]
[string]$dfsNamespacePath,
[Parameter(Mandatory=$False,Position=3)]
[bool]$sync = $true
)
if ($sync)
{
write-host "Syncing Changes..."

$dcs = Get-ADComputer -Filter * -Properties * | Where-Object { $_.CanonicalName.contains('/Domain Controllers/', "CurrentCultureIgnoreCase") }
$dcs | ForEach-Object {
Write-Host "Syncing $($_.Name)"
$res = Invoke-Command -ComputerName $_.Name -ScriptBlock { repadmin /syncall /AdeP }
write-host "Syncing Complete..."
}
}

trap {continue} New-Item -Path "$server\$user" -type Directory -ErrorAction SilentlyContinue

$Path = "$server\$user"
$acl = (Get-Item $Path).GetAccessControl('Access')
$allInherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit", "ObjectInherit"
$allPropagation = [System.Security.AccessControl.PropagationFlags]"None"
$permissions = "FullControl"
$Username = "$user"
$AR = New-Object System.Security.AccessControl.FileSystemAccessRule($Username, $permissions, $allInherit, $allPropagation, "Allow")
if ($acl.Access | Where { $_.IdentityReference -eq $Username})
{
$accessModification = New-Object System.Security.AccessControl.AccessControlModification
$accessModification.value__ = 2
$modification = $false
$acl.ModifyAccessRule($accessModification, $AR, [ref]$modification) | Out-Null
}
else
{
$acl.AddAccessRule($AR)
}
Set-Acl -path $Path -AclObject $Acl

$result = dfsutil link add "$dfsNamespacePath\$user" "$server\$user"
}

Leave a Reply

Your email address will not be published. Required fields are marked *

I accept that my given data and my IP address is sent to a server in the USA only for the purpose of spam prevention through the Akismet program.More information on Akismet and GDPR.