
After a file server restore, all users' home folders lost their specific ACLs.
To avoid fixing them manually for each user, we're going to use a PowerShell script.

Script Description

The following script looks up users in your Active Directory and then, for each user in scope (see the SearchBase variable), tests the defined path to make sure a home folder exists. If the folder exists, the script sets the ACL so that the user has Full Control on their folder, its subfolders and files.

If the user does not have a personal home directory on the defined path, a message is logged in a log file you may define.

Practical notes:

  • The first part of the script contains variables you have to define to adapt it to your own environment:
    • Type of the right (base is FullControl)
    • Your Domain
    • The SearchBase for the users in your domain
    • The Home Directory base folder
    • The Log path you want to use
  • The script must be run as administrator on your file server

Copy the code below and save it as a .ps1 file

<#    
    .NOTES
    ===========================================================================
     Created with:     SAPIEN Technologies, Inc., PowerShell Studio 2017 v5.4.144
     Created on:       24/11/2017 08:06
     Created by:       HOFF Steven
     Organization:     CIRB-CIBG
     Filename:         set-ACL_HomeFolders.ps1
    ===========================================================================
    .DESCRIPTION
        The following script will look for users in your Active Directory and then, for each user in the scope (see Search Base part), 
        will test the defined path to make sure a home folder exists. 
        If the folder exists, the script will set the ACL permissions to Full Control on user's folder, subfolders and files.
        If the user does not have a personal home directory on the defined path, a message is logged in a log file you may define.
#>

# Configurable Variables
$Right = "FullControl"
$domain = "DOMAIN.LOCAL"
$searchbase = "OU=ACCOUNTS,DC=DOMAIN,DC=local"
$HomeDirPath = "D:\DATA\Home"
$logpath = "C:\log.txt"

# Get-ADUser requires the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory

# Automatic variable to get the AD user list
$adusers = Get-ADUser -SearchBase $searchbase -Filter * | Select-Object SamAccountName

# Performing loop
foreach ($account in $adusers)
{
    $user = $account.samaccountname
    $principal = "$domain\$user"
    $path = "$HomeDirPath\$user"
    Write-Host -fore DarkYellow "Testing Home dir path for $user account"
    $pathtest = Test-Path $path
    if ($pathtest -eq $true)
    {
        # Path exists: grant $Right to the user on the folder, inherited by subfolders and files
        Write-Host -fore Green "Ok, path exists on $path for $user"
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($principal, $Right, "ContainerInherit,ObjectInherit", "None", "Allow")
        $acl = Get-Acl $path
        # SetAccessRule replaces any existing explicit Allow rule for this principal
        $acl.SetAccessRule($rule)
        Set-Acl $path $acl
    }
    else
    {
        # Path does not exist: log the missing folder to the log file
        Write-Host -Fore Red "Path for $user does not exist on destination path"
        Write-Output "$path does not exist for $user" >> $logpath
    }
}
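
Once the script has run, a read-only check confirms the result. The following is an added example, not part of the original script: it lists home folders where the user's explicit rule is missing or wrong, or where another principal holds an explicit Allow entry. The $allowed list, the function name Test-HomeFolderAcl and matching on the account name only are assumptions.

```powershell
# Added example: read-only audit of home-folder ACLs (changes nothing on disk).
# Assumes the layout used above: one folder per user, named after the sAMAccountName.
$Right       = "FullControl"
$HomeDirPath = "D:\DATA\Home"
# Assumption: principals that may hold explicit rights besides the folder's user
$allowed     = @("BUILTIN\Administrators", "NT AUTHORITY\SYSTEM")

function Test-HomeFolderAcl {
    param([string]$Path, [string]$Right, [string[]]$Allowed)

    $user     = Split-Path $Path -Leaf
    $expected = [int][System.Security.AccessControl.FileSystemRights]$Right
    $inherit  = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"
    # Only explicit entries: inherited ones come from the parent, not from the script
    $explicit = @((Get-Acl -Path $Path).Access | Where-Object { -not $_.IsInherited })

    # Get-Acl reports NETBIOS\user while the script used the DNS domain name,
    # so compare the account part only (simplification)
    $mine = $explicit | Where-Object {
        ($_.IdentityReference.Value -split '\\')[-1] -eq $user -and
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $expected) -eq $expected -and
        $_.InheritanceFlags -eq $inherit -and
        $_.PropagationFlags -eq 'None'
    }
    # Explicit Allow entries for anyone other than the user or the allowed list
    $foreign = $explicit | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.IdentityReference.Value -split '\\')[-1] -ne $user -and
        $Allowed -notcontains $_.IdentityReference.Value
    }

    [pscustomobject]@{
        Folder      = $Path
        UserRuleOk  = [bool]$mine
        ForeignAces = @($foreign | ForEach-Object {
                          "$($_.IdentityReference): $($_.FileSystemRights)" }) -join '; '
    }
}

# Show only the folders that need attention
Get-ChildItem -Path $HomeDirPath -Directory |
    ForEach-Object { Test-HomeFolderAcl -Path $_.FullName -Right $Right -Allowed $allowed } |
    Where-Object { -not $_.UserRuleOk -or $_.ForeignAces } |
    Format-Table -AutoSize
```

An empty result means every folder carries the expected rule and no unexpected explicit entries.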

 
