Combine New-ADUser New-Item and Set-ACL

by MattNZ at 2012-11-02 15:55:11

Hi all,

Being totally new to PowerShell, I'd like to import my users avoiding the limited GUI tools. I've put together 3 scripts that appear to work; I'd just like to combine them.
So far I’ve managed to:

#Import Users from CSV
Import-csv c:\new2013.csv | ForEach-Object {New-ADUser `
-SamAccountName $_.SamAccountName `
-Name $_.Name `
-GivenName $_.FirstName `
-Surname $_.Surname -Description $_.Description `
-DisplayName $_.DisplayName `
-HomeDirectory $_.HomeDirectory `
-HomeDrive $_.HomeDrive `
-AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force) `
-ChangePasswordAtLogon $True `
-Enabled $True `
-EmailAddress $_.EmailAddress `
-UserPrincipalName $_.EmailAddress}

Create a folder on the home share: (using the CSV again):
Import-csv c:\new2013.csv | ForEach-Object {New-Item -ItemType Directory -Path \\file\home$ -name $_.SamAccountName}

And then change the ACLs to suit (thanks to this link for this)
Import-csv c:\new2013.csv | ForEach-Object {
$user = $_.SamAccountName
$acl = get-acl \\file\home$\$user
# Disable inheritance and drop the inherited entries
$acl.SetAccessRuleProtection($True, $False)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Staff","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$user","Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl \\file\home$\$user $acl}


If there is a nice way to combine all this into one import, I'd like to know how. :)

by coderaven at 2012-11-02 20:53:14

From what you have, just keep with it in your ForEach-Object loop, like so:

Import-csv c:\new2013.csv | ForEach-Object {
#Creating user
New-ADUser `
-SamAccountName $_.SamAccountName `
-Name $_.Name `
-GivenName $_.FirstName `
-Surname $_.Surname -Description $_.Description `
-DisplayName $_.DisplayName `
-HomeDirectory $_.HomeDirectory `
-HomeDrive $_.HomeDrive `
-AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force) `
-ChangePasswordAtLogon $True `
-Enabled $True `
-EmailAddress $_.EmailAddress `
-UserPrincipalName $_.EmailAddress

#Creating User Home Drive Folder
New-Item -ItemType Directory -Path \\file\home$ -name $_.SamAccountName

#Setting Permission on new Home drive folder
$user = $_.SamAccountName
$acl = get-acl \\file\home$\$user
$acl.SetAccessRuleProtection($True, $False)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Staff","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$user","Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl \\file\home$\$user $acl
}

by MattNZ at 2012-11-02 22:52:13

Hi coderaven,
OK, I'll give that a go… pretty easy huh - I thought I had tried that while experimenting but probably messed up the curly brackets or something.
Will let you know when I try back at work.

Cheers.
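
A check one could run after the combined import, as an added example that is not part of the original thread: it compares a home folder's ACL with what the script above intends (inheritance disabled, Administrators and Staff with FullControl, the user with Modify). The function name Test-HomeFolderAcl, the user jbloggs and the CORP domain are hypothetical, and the sample ACEs are constructed.

```powershell
# Added example. Expected ACEs mirror the thread's script; identities are compared
# without their DOMAIN\ or BUILTIN\ prefix (an assumption of this example).
$expected = @{ Administrators = 'FullControl'; Staff = 'FullControl' }
$fsr  = [System.Security.AccessControl.FileSystemRights]
$sync = [int]$fsr::Synchronize

function Test-HomeFolderAcl {
    param([string]$User, [bool]$Protected, [object[]]$Rules, [hashtable]$Expected)
    $want = $Expected.Clone()
    $want[$User] = 'Modify'                     # the owner's ACE from the thread
    $seen = @{}
    $findings = @()
    if (-not $Protected) { $findings += 'inheritance is still enabled' }
    foreach ($r in $Rules) {
        $name = ("$($r.IdentityReference)" -split '\\')[-1]
        if ($r.IsInherited) { $findings += "inherited ACE for $name" }
        if (-not $want.ContainsKey($name)) {
            $findings += "unexpected ACE: $name ($($r.FileSystemRights))"
            continue
        }
        $seen[$name] = $true
        # Get-Acl reports Allow ACEs with Synchronize added (e.g. 'Modify, Synchronize'),
        # so mask that bit out on both sides before comparing.
        $got = [int]($r.FileSystemRights -as $fsr) -band (-bnot $sync)
        $exp = [int]($want[$name] -as $fsr) -band (-bnot $sync)
        if ("$($r.AccessControlType)" -ne 'Allow' -or $got -ne $exp) {
            $findings += "$name has $($r.AccessControlType) $($r.FileSystemRights), expected Allow $($want[$name])"
        }
    }
    foreach ($n in $want.Keys) { if (-not $seen[$n]) { $findings += "no ACE for $n" } }
    $findings
}

# Constructed sample shaped like (Get-Acl).Access for the hypothetical user 'jbloggs'.
$sample = @(
    [pscustomobject]@{ IdentityReference = 'BUILTIN\Administrators'; FileSystemRights = 'FullControl'; AccessControlType = 'Allow'; IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'CORP\jbloggs'; FileSystemRights = 'FullControl'; AccessControlType = 'Allow'; IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'CORP\Domain Users'; FileSystemRights = 'ReadAndExecute, Synchronize'; AccessControlType = 'Allow'; IsInherited = $true }
)
Test-HomeFolderAcl -User 'jbloggs' -Protected $false -Rules $sample -Expected $expected

# Against the real share (CSV and share paths as in the thread):
# Import-Csv c:\new2013.csv | ForEach-Object {
#     $acl = Get-Acl "\\file\home$\$($_.SamAccountName)"
#     Test-HomeFolderAcl -User $_.SamAccountName -Protected $acl.AreAccessRulesProtected -Rules $acl.Access -Expected $expected
# }
```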