Scripted Home Folder Management with PowerShell Pt. 5

September 26th, 2012

In my last post in this series on scripting user management (see Part 1, Part 2, Part 3, and Part 4 for reference), I left off with a couple different ways to set the Home Folder attribute, using DSMod or PowerShell.

But I thought it was important to spend a moment and stress that when you’re scripting these changes, it’s all about what you *have* available to use as the basis of your queries and changes.  What I mean is this:  If you only have the samAccountName (often called the User ID), you make the query/change one way; but if you have the CN (known as the User Name), then you do it another way.  Let me show you some examples…


As shown in Part 4, if you have the CN — as DSMod requires — you can just make the call directly:

dsmod user "cn=Jeremy Pavlov,ou=Demo,dc=CoretekServices,dc=local" -hmdrv H: -hmdir "\\MyCompany.org\DFSPath\Homes\$username$"

But what if you don’t know the CN, and all you have is the samAccountName?  Then in this case, you must use the samAccountName to first *get* the CN, then pipe the CN through to the DSMod command like this:

dsquery user -samid "JPavlov" | dsmod user -hmdrv H: -hmdir "\\MyCompany.org\DFSPath\Homes\$username$"

In the above example, we’re using dsquery to look up the user by samAccountName, as represented by the -samid flag; it returns a perfectly-formatted distinguished name (starting with the CN) that is used as input for DSMod.  The bottom line is that you can make the change no matter which format of the user name you have!


On the PowerShell side of things, you have a similar flexibility.  The PowerShell example I used in Part 4 utilized the samAccountName (as represented by the -identity flag) instead of the CN, like this:

Set-ADUser -Identity "jpavlov" -HomeDrive "H:" -HomeDirectory "\\MyCompany.org\DFSPath\Homes\jpavlov"

But if you only have the CN to start with, then we have to go fishing.  We need to do a Get-ADUser with the -like option, stuff the result in a variable, prune that variable down to just what we want, and then pass it on to the Set-ADUser command.  Here’s one example of how to get it done:

$Dude = Get-ADUser -Filter 'Name -like "Jeremy Pavlov"'
$DudeSamId = $Dude.SamAccountName
Set-ADUser -Identity $DudeSamId -HomeDrive "H:" -HomeDirectory "\\MyCompany.org\DFSPath\Homes\$DudeSamId"
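The lookup-then-set pattern above, written so that it only changes an account when the name resolves to exactly one user. This is an added example, not code from the original post: the function name Set-HomeFolderAttribute and its parameters are hypothetical, and it assumes the ActiveDirectory module, a reachable domain controller, and the same DFS path used above.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper (added example): accepts either identifier, refuses ambiguous matches.
function Set-HomeFolderAttribute {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$SamAccountName,
        [string]$Name,
        [string]$HomeRoot  = '\\MyCompany.org\DFSPath\Homes',
        [string]$HomeDrive = 'H:'
    )

    # The AD filter parser resolves $variables itself, so the value is never
    # spliced into the filter text and quotes in a name cannot alter the query.
    if ($SamAccountName) {
        $found = @(Get-ADUser -Filter 'SamAccountName -eq $SamAccountName')
    } elseif ($Name) {
        $found = @(Get-ADUser -Filter 'Name -eq $Name')
    } else {
        throw 'Supply -SamAccountName or -Name.'
    }

    # Zero matches means a typo; several matches means the name is not unique.
    if ($found.Count -ne 1) {
        throw "Expected exactly one user, found $($found.Count); nothing changed."
    }

    $user    = $found[0]
    $homeDir = '{0}\{1}' -f $HomeRoot.TrimEnd('\'), $user.SamAccountName

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set home folder to $homeDir")) {
        Set-ADUser -Identity $user -HomeDrive $HomeDrive -HomeDirectory $homeDir
    }
    $homeDir
}

# Preview the change first, then run it for real.
Set-HomeFolderAttribute -Name 'Jeremy Pavlov' -WhatIf
Set-HomeFolderAttribute -SamAccountName 'jpavlov'
```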

And with that, we’ll press pause, until next time…

Next time…  Let’s wrap this scripting up…  See you then!

Scripted Home Folder Management with PowerShell Pt. 4

September 19th, 2012

If you’ve been following along in this post series (see Part 1, Part 2, and Part 3 of this series for reference), you’ve seen how to create AD users, create soon-to-be Home Folders, and set permissions; all with PowerShell (and some other tools).

Now, it’s time to stitch it all together by assigning the Home Folder attribute on our user object, and point the attribute to the folder we’ve prepared.  Yes, of course you could just set the Home folder “Connect To” options on the Profile tab of a User object in the Active Directory Users and Computers (ADUC) tool, but that’s not the point.  We want scripting!

So to pick up where we left off last time, all we really need to do is provide a Home folder attribute update on an existing user object.  Of course, we could have done this upon initial creation, but this series of posts is attempting to demonstrate the individual steps that you might encounter in the real world enterprise; either separately or together. 

There are various tools and ways to make our changes, including via the old method outlined in Part 1.  But I’d be remiss if I didn’t confess that much of the time I use good ol’ DSMod.  Here’s what a DSMod line would look like to update our user:

dsmod user "cn=Jeremy Pavlov,ou=Demo,dc=CoretekServices,dc=local" -hmdrv H: -hmdir "\\MyCompany.org\DFSPath\Homes\$username$"

…note that I used “$username$” (with the dollar signs), which is a cool way to have the DSMod command utilize the “Windows 2000 User Name”, or the “samAccountName”, as the value for this special variable.

*Aside: Why do I keep mentioning the DSMod / DSAdd methods?  I’ll tell you.  It’s because much of the time, I use scripting to parse certain inputs and then generate other scripts that I can hand out to other administrators (yes, script-generating scripts).  And while I can’t be certain that everyone will be familiar with script editing and the PowerShell modules for Active Directory, I can be pretty sure they’ll have a command prompt and DSMod.  There are other reasons, but the rest mostly come down to preference and how the result files look, etc.  So there you go.

However, the new Powershell method with the ActiveDirectory module is pretty nice and easy for this task, too.  Here is the PowerShell equivalent to the DSMod command above: 

Set-ADUser -Identity "jpavlov" -HomeDrive "H:" -HomeDirectory "\\MyCompany.org\DFSPath\Homes\jpavlov"

…or at least it’s close, although this time I used the “ID” instead of the “Name”.  I think this deserves some closer examination…  So next week, I’ll spend some time covering alternative inputs/methods to the above, before we move on to troubleshooting and validation, and then sum the whole thing up.

Next time…  A couple more ways to get it done…  See you then!


Updated 20120923:  command syntax fix

Scripted Home Folder Management with PowerShell Pt. 3

September 12th, 2012

In this post, I’m following up on Part 1 and Part 2 of this series where I showed you how to create users (and set a few attributes) with PowerShell.  Now that you have your user created and configured, I’m going to show you a bit about Home Folder creation and permission assignment.  Remember that all of these basics are leading toward a single, simplified, scripted elements method of managing Home Folders in the Enterprise.

So let’s create a folder.  Of course, you know how to do that already, so I won’t belabor the point too much.  Picking up where we left off in the last post, you already have a PowerShell session going, with network access to the shares where the folders will be created.  And since PowerShell has native access to the filesystem via its own object paths, you can actually skip the fancy stuff and just do a good ol’ md:

md \\server\Share$\JPavlov

…or if you’re using a DFS structure, something like this…

md \\MyCompany.org\DFSPath\Homes\JPavlov

I know, I know.  That’s not PowerShell.  So if you really want to use the benefit of PowerShell, you would use the New-Item command like this (sticking with our DFS structure from above):

New-Item -type directory -path \\MyCompany.org\DFSPath\Homes\JPavlov

Okay, great.  At this point, we have a folder, but no permissions yet for the person who will use it.  In order to set the permissions, we’ll stick with PowerShell and…

1.) Build a variable with the existing permissions with the Get-Acl command:

$acl = Get-Acl \\MyCompany.org\DFSPath\Homes\JPavlov

2.) Add-on the permission we want (your permissions may vary!):

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("CoretekServices\JPavlov", "DeleteSubdirectoriesAndFiles, Modify, Synchronize", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)

3.) And then stuff it all back on the folder with the Set-Acl command:

Set-Acl \\MyCompany.org\DFSPath\Homes\JPavlov $acl

There you have it!  We’ve created the soon-to-be Home Folder for the user we created previously, and added permission we want.  So it’s out there if the user can browse around and find it…  But let’s help them out a little bit and deliver it as a mapped drive in the next post.
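The three ACL steps above as one function, followed by a read-back check that the user really received Modify and that no broad group can write to the folder. This is an added example, not code from the original post: the function names are hypothetical, and the demo at the bottom uses a constructed local temp folder and the current user in place of the DFS share and CoretekServices\JPavlov so it can be run on any Windows machine.

```powershell
function Grant-HomeFolderAccess {
    param([Parameter(Mandatory = $true)][string]$Path,
          [Parameter(Mandatory = $true)][string]$Account)  # e.g. 'CoretekServices\JPavlov'

    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType Directory -Path $Path | Out-Null
    }
    $acl  = Get-Acl -LiteralPath $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Account, 'DeleteSubdirectoriesAndFiles, Modify, Synchronize',
        'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)   # the rule must be added before Set-Acl writes the ACL back
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Test-HomeFolderAcl {
    param([Parameter(Mandatory = $true)][string]$Path,
          [Parameter(Mandatory = $true)][string]$Account)

    $rights = [System.Security.AccessControl.FileSystemRights]
    $broad  = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
    $allow  = @((Get-Acl -LiteralPath $Path).Access |
                Where-Object { $_.AccessControlType -eq 'Allow' })

    # ACEs stored with generic rights show up as raw numbers and are not decoded here.
    $mine  = @($allow | Where-Object { $_.IdentityReference.Value -eq $Account -and
                 ($_.FileSystemRights -band $rights::Modify) -eq $rights::Modify })
    $loose = @($allow | Where-Object { $broad -contains $_.IdentityReference.Value -and
                 ($_.FileSystemRights -band $rights::Write) -ne 0 })

    New-Object psobject -Property @{
        Path             = $Path
        UserHasModify    = ($mine.Count -gt 0)
        BroadWriteAccess = @($loose | ForEach-Object { $_.IdentityReference.Value })
    }
}

# Constructed demo values: a local folder and the current user stand in for the share and JPavlov.
$demoPath = Join-Path $env:TEMP 'HomeAclDemo'
$demoUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Grant-HomeFolderAccess -Path $demoPath -Account $demoUser
Test-HomeFolderAcl     -Path $demoPath -Account $demoUser
```

A folder is in the expected state when UserHasModify is True and BroadWriteAccess is empty; anything listed there is usually inherited from the parent share and is worth reviewing at that level.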

Next time…  Assigning this folder as the user’s Home Folder via the AD attribute.  See you then!



Scripted Home Folder Management with PowerShell Pt. 2

September 5th, 2012

In this post, I’m following up on Part 1 of this series where I showed you how to create users (and set a few attributes) the basic way with Powershell.  Now, I’m going to show you an easier way to create users thanks to the new(ish) Powershell modules that came along in Windows Server 2008 R2.  In the up-coming parts of this series, we’ll continue on to Home Folder creation/management concepts and automation.  But for now, let’s get that user created…

To be honest with you, I have to admit that most of the time when I’m building a script loop and just need an easy output that looks nice, I’d just do the DSAdd tool like this:

dsadd user "cn=Jeremy Pavlov,ou=Demo,dc=CoretekServices,dc=local" -samId JPavlov -disabled no -fn Jeremy -ln Pavlov -pwd ChangeMe123! -mustchpwd yes

…but the future is here, and the future is PowerShell; and you and I have to get over it.  Powershell gives us better portability, variable management, etc., etc…  So onward and upward. 

And with recent versions of Windows 2008 R2, Microsoft provides the new “ActiveDirectory” module; making user creation/management activities as easy to do as the DSAdd/DSMod tools.  Here’s what I mean…

Open a Powershell session, and import the ActiveDirectory module like this:

Import-Module ActiveDirectory

Note: You need to have network access to an Active Directory server running AD Web Services for this module to work. 

Loading this module is the equivalent of launching the “Active Directory Module for Windows PowerShell” option on Windows 7 and Server 2008, but if you’re scripting you’ll want to make sure you load the module explicitly.  And, as a result, you have a ton of new AD tools available to you. 

You can get a good look at the majority of the new AD tools by using this command:

Get-Command *-AD*

Finally, using the New-ADUser command, we create that user with what is pretty much the equivalent of the DSAdd above (I used the same options to help clarify):

New-ADUser -Path "ou=Demo,dc=CoretekServices,dc=local" -SamAccountName "JPavlov" -Enabled $true -Name "Jeremy Pavlov" -GivenName "Jeremy" -Surname "Pavlov" -AccountPassword (ConvertTo-SecureString -AsPlainText "ChangeMe123!" -Force) -ChangePasswordAtLogon $true

And that’s it!  You have a new user with your standard attributes set correctly.  I like this one-line method because it looks much cleaner when you are building import scripts that must be distributed to other folks, or when you want to insert some other command between each line (if you’re looping), etc.; it’s neat.

On a side note, there’s also a way to read in the contents of a formatted CSV, and pump it into the New-ADUser command; but my goal here is to show you concepts that ultimately can be combined into a multifaceted script.

Next time…  Home Folder creation and permission assignment.  See you then!