Hi guys,
I have to migrate just over 4000 PCs onto a brand new domain. I have been working on a script that renames a local PC with a new name, then joins it to the domain without a reboot, via a GUI. Rob Simmers was so kind as to help me populate some info for my GUI, and it works 100%. I found a script on the MS gallery that migrates the current user's profile to the newly created domain user account, but there are some issues with this part of the script. I have created the GUI to capture the user info, and I am trying to use PowerShell to automate the process in the background. I have modified it so that it is much shorter.
The problem comes in when I am trying to run the last two paragraphs of the script, which change the access permissions of the new user to the access of the current user. This is on a Windows 10 Enterprise VM.
Does anyone perhaps have a better option to do this?
```powershell
# Resolve an account name to its SID string
function Get-SID ([string]$User) {
    $objUser = New-Object System.Security.Principal.NTAccount($User)
    $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
    $strSID.Value
}

#### Existing Domain user info used to create new user on local PC
$DomainName = 'microsoft.com'
$OU = 'New Computers, DC=microsoft, DC=com'
$UserName = 'joe.soap'
$Password = 'Password@1' | ConvertTo-SecureString -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential -ArgumentList @($UserName, $Password)

$NewUser = ($Credential.Username)
$NewSPN_Name = $NewUser + '@' + $DomainName
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList @($NewSPN_Name, $Credential.Password)

$CurrentUser = [Environment]::UserName
$CurrentUserSID = Get-SID $CurrentUser
$NewUserSID = Get-SID $NewSPN_Name

# Profile folder: drop inherited rules, then give the new user FullControl
$ACL = (Get-Item $home).GetAccessControl('Access')
$ACL.SetAccessRuleProtection($true, $false)
$permission1 = ($NewUser, "FullControl", "Allow")
$AR = New-Object System.Security.AccessControl.FileSystemAccessRule($permission1)
$ACL.SetAccessRule($AR)
$ACL | Set-Acl -Path $HOME

# Record both SIDs in the profile folder
Set-Content $home\UserSID.txt "SID of $CurrentUser `r`n$CurrentUserSID`r`n`r`nSID of $NewSPN_Name `r`n$NewUserSID"

# Registry hive: read the current user's ACL, add the new user, write it to the new user's hive.
# HKU\<SID> exists only while that user's hive is loaded.
$Acl = Get-Acl "Registry::HKU\$CurrentUserSID"
$permission = ($NewUserSID, "FullControl", "Allow")
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ($permission)
$Acl.SetAccessRule($rule)
$Acl | Set-Acl -Path "Registry::HKU\$NewUserSID"

# Same for the per-user Classes hive; ${} keeps the SID intact in front of "_Classes"
$Acl = Get-Acl "Registry::HKU\${CurrentUserSID}_Classes"
$permission = ($NewUserSID, "FullControl", "Allow")
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ($permission)
$Acl.SetAccessRule($rule)
$Acl | Set-Acl -Path "Registry::HKU\${NewUserSID}_Classes"
```
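Added example, not part of the original post or of the gallery script: one way to apply the registry grant from the last two blocks with a check that the target hive is actually loaded, an inheritable rule, and a read-back of the resulting ACL. The function name `Grant-HiveAccess`, its parameters and the SIDs in the usage comment are hypothetical and constructed for illustration.

```powershell
# Added example: Grant-HiveAccess and its parameters are hypothetical names.
function Grant-HiveAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$HiveSid,     # SID whose loaded hive gets the new rule
        [Parameter(Mandatory)][string]$GranteeSid   # SID that receives FullControl
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Build the rule from a SecurityIdentifier so no account-name lookup is involved.
    $grantee = $sidType::new($GranteeSid)
    $rule = [System.Security.AccessControl.RegistryAccessRule]::new(
        $grantee,
        [System.Security.AccessControl.RegistryRights]::FullControl,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,  # subkeys inherit
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)

    # ${HiveSid} keeps the variable name separate from the "_Classes" suffix.
    $paths = "Registry::HKEY_USERS\$HiveSid", "Registry::HKEY_USERS\${HiveSid}_Classes"
    foreach ($path in $paths) {
        # HKEY_USERS\<SID> is present only while that profile's hive is loaded.
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Warning "Hive not loaded, skipped: $path"
            continue
        }
        $acl = Get-Acl -LiteralPath $path
        $acl.AddAccessRule($rule)   # merges with the existing rules instead of replacing them
        if ($PSCmdlet.ShouldProcess($path, "Grant FullControl to $GranteeSid")) {
            Set-Acl -LiteralPath $path -AclObject $acl
        }
        # Read the ACL back and confirm an explicit Allow rule for the grantee exists.
        $explicit = (Get-Acl -LiteralPath $path).GetAccessRules($true, $false, $sidType)
        $granted = @($explicit | Where-Object {
            $_.IdentityReference.Value -eq $GranteeSid -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.RegistryRights -band [System.Security.AccessControl.RegistryRights]::FullControl) -eq
                [System.Security.AccessControl.RegistryRights]::FullControl
        }).Count -gt 0
        [pscustomobject]@{ Path = $path; Granted = $granted }
    }
}

# Usage from an elevated session (constructed SIDs; -WhatIf previews without writing):
# Grant-HiveAccess -HiveSid 'S-1-5-21-1111111111-2222222222-3333333333-1001' `
#                  -GranteeSid 'S-1-5-21-4444444444-5555555555-6666666666-1105' -WhatIf
```

With `-WhatIf` nothing is written, so `Granted` reports the state before the change.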