Scripted Home Folder Management with PowerShell Pt. 1

I’ve been doing tons of scripting for the project on which I’m working lately.  And I thought it’d be cool to spend a few posts in a row covering a few base elements of PowerShell-based user and Home Folder management, and build up toward a script for user and folder creation/deletion that you can easily use. 

I don’t intend to get fancy with this; in fact, I intend to make is simple as possible, and maybe kick around a few alternative methods to do the same tasks.  My goal is not to teach PowerShell, but to show you you can script these things easily.

So join me on the journey!  But let’s get there in small steps.  We’ll start at the start, with user creation.  Open a PowerShell session, and let’s get to it…

In order for this article series to work, I have to make some assumptions: I’ll assume you have the proper rights, a test environment, the proper PowerShell modules, and a Windows 7 or Server 2008 R2 computer.

For this first method in Part 1, we are going to show you how to do it with just native Powershell, using the ADSI provider, without any additional Powershell modules.  It’s like learning how to do the work on paper before you use a calculator…  😉

First, set up a variable that opens an LDAP connection to the server, using the ADSI provider (note, “LDAP” is case-sensitive) and specifying the OU where we’ll be creating our new User object:

$MyConnection = 
[ADSI]"LDAP://ou=Demo,dc=CoretekServices,dc=local"

Next, set up a variable that defines what you’re creating, along with a few critical attributes:

$MyObject = $MyConnection.create("User","cn=Jeremy Pavlov") 
$MyObject.Put("givenName","Jeremy")
$MyObject.Put("surname","Pavlov")
$MyObject.Put("samAccountName","JPavlov")

Finally, the command to make it happen:

$MyObject.SetInfo()

…and with that, the user is created in a “disabled” state.  So let’s fix that and set a password, using the same object and connection calls:

$MyObject.PsBase.Invoke("SetPassword","ChangeMe123!")
$MyObject.PsBase.InvokeSet("AccountDisabled","$false")
$MyObject.SetInfo()

But, as you may or may not expect, the act of setting the password in the previous step also clears the requirement for the user to change the password at first login… but we definitely want the user to do that.  So let’s set it back with one final step:

$MyObject.pwdLastSet = 0
$MyObject.SetInfo()

Okay, okay, I know what you’re saying, “…Man, that’s alot of work…”  And I’ll admit,this is the hard way.  So I’ll show you some easier ways in the next post.

(Updated 20120903; fixed syntax typos, split some content to next week’s post)

Next time…  A couple easier creation options…  See you then!

 

 

2017-07-27T00:01:07+00:00 August 29th, 2012|Uncategorized|

Share This, Choose Your Platform!

About the Author:

Jeremy is just a regular guy that likes to occasionally tell the world about stuff.