PowerShell - Create Shared Folder with permissions for each domain user

Hello all, this is the first time I ask here for something like this, so I am already sorry if I am unclear (sorry for bad English).

I have the following problem:

I need to create a folder structure for a company that should look something like this:

\\Server01\Shared\MainFolder\ In this MainFolder each user then has their own folder, which is also named after the user name, and only that user can access it. If I am not completely wrong, one can also set it up so that only user XY sees folder XY and not everyone else.

So that would be the idea; I just have not managed the whole implementation yet. And since I have no desire to create a folder and set the permissions for 50+ coworkers, I thought it must somehow be possible with a script.

Now I ask you: is it at all possible to build such a structure with a script? If I have forgotten important information, I am sorry.

P.S.: I'm new to PowerShell, so do not expect much from me; this is the first time I try something like this.

Thanks in advance for your help :slight_smile:

This should get you most of the way there, or at least give you a start. It would also be helpful if you posted what you have tried so far.


# Connection details ($ADServer, $GetAdminact, $searchbase) must be set before this runs
$ADUsers = Get-ADUser -Server $ADServer -Filter * -Credential $GetAdminact -SearchBase $searchbase -Properties DisplayName
ForEach ($ADUser in $ADUsers) {
    # The line below creates a folder for each user in the \\Server01\Shared\MainFolder share
    # Ensure that you have configured the 'MainFolder' base folder before running this
    # Alternative: name the folder after the sAMAccountName instead of the DisplayName
    #New-Item -ItemType Directory -Path "\\Server01\Shared\MainFolder\$($ADUser.sAMAccountName)"
    New-Item -ItemType Directory -Path "\\Server01\Shared\MainFolder\$($ADUser.DisplayName)"
    # Grant each user Full Control to their own folder only
    # Define the domain name to use in the $UsersAm variable
    $Domain = 'Domain'
    # Define variables for the access rights
    # 1. Define the user to grant access to (IdentityReference: the user name in Active Directory)
    #    Usually in the format domainname\username or groupname
    $UsersAm = "$Domain\$($ADUser.sAMAccountName)" # presenting the sAMAccountName in this format
                                                  # stops it displaying in Distinguished Name format
    # Define FileSystemAccessRights: what type of access we are defining (Full Control, Read, Write, Modify)
    $FileSystemAccessRights = [System.Security.AccessControl.FileSystemRights]"FullControl"
    # Define InheritanceFlags: how the security propagates to child objects by default
    # Very important - so that users have the ability to create or delete files or folders in their folders
    # (both flags go in one string; writing ::"ContainerInherit", "ObjectInherit" produces an array, not a flags value)
    $InheritanceFlags = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
    # Define PropagationFlags: which access rights are inherited from the parent folder (the user's folder)
    $PropagationFlags = [System.Security.AccessControl.PropagationFlags]::None
    # Define AccessControlType: whether the rule created below is an 'Allow' or 'Deny' rule
    $AccessControl = [System.Security.AccessControl.AccessControlType]::Allow
    # Define a new access rule to apply to the user's folder
    $NewAccessrule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        ($UsersAm, $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl)
    # Set the ACL for each user folder. First, define the folder for each user
    #$userfolder = "\\Server01\Shared\MainFolder\$($ADUser.sAMAccountName)"
    $userfolder = "\\Server01\Shared\MainFolder\$($ADUser.DisplayName)"
    $currentACL = Get-Acl -Path $userfolder
    # Add this access rule to the ACL (without this call the rule is never applied)
    $currentACL.AddAccessRule($NewAccessrule)
    # Write the changes to the user folder
    Set-Acl -Path $userfolder -AclObject $currentACL
}

That's what I found and tested a few minutes ago, but the part with the permissions still does not work.
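The script in the thread grants the user an extra Allow rule but leaves inheritance from MainFolder in place, so anyone who can read MainFolder can still open every personal folder. The following is an added example, not code from the thread or from any of its participants, that covers both requirements of the question: it breaks inheritance on each personal folder so only the named user (plus SYSTEM and local Administrators for backup and administration) can access it, and it turns on access-based enumeration on the share so each user sees only their own folder. It assumes the share is named Shared on Server01, that MainFolder already exists, a hypothetical OU path OU=Staff,DC=example,DC=local, a hypothetical NetBIOS domain name EXAMPLE, and a placeholder user name jdoe for the final check; the ActiveDirectory and SmbShare modules must be available.

```powershell
# Added example (not from the thread). All names below are assumptions.
Import-Module ActiveDirectory

$Server     = 'Server01'                          # assumed file server
$ShareName  = 'Shared'                            # assumed SMB share name
$BaseFolder = "\\$Server\$ShareName\MainFolder"   # base folder from the question
$SearchBase = 'OU=Staff,DC=example,DC=local'      # hypothetical OU holding the users
$Domain     = 'EXAMPLE'                           # hypothetical NetBIOS domain name

# Build one Allow rule that applies to the folder, its subfolders and its files.
function New-FolderRule {
    param(
        [string]$Identity,
        [System.Security.AccessControl.FileSystemRights]$Rights
    )
    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $allow     = [System.Security.AccessControl.AccessControlType]::Allow
    New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
               -ArgumentList @($Identity, $Rights, $inherit, $propagate, $allow)
}

# Create (or reuse) one folder per user and replace its ACL with an explicit one.
function Set-PersonalFolder {
    param([string]$SamAccountName)
    $folder = Join-Path $BaseFolder $SamAccountName
    if (-not (Test-Path -LiteralPath $folder)) {
        New-Item -ItemType Directory -Path $folder | Out-Null
    }
    $acl = Get-Acl -LiteralPath $folder
    # Stop inheriting from MainFolder and discard the ACEs that were inherited,
    # otherwise "Everyone"/"Users" rights granted higher up still apply here.
    $acl.SetAccessRuleProtection($true, $false)
    # Keep operators in: SYSTEM for backup/AV agents, local Administrators for admins.
    $acl.AddAccessRule((New-FolderRule -Identity 'NT AUTHORITY\SYSTEM'    -Rights 'FullControl'))
    $acl.AddAccessRule((New-FolderRule -Identity 'BUILTIN\Administrators' -Rights 'FullControl'))
    # The user gets Modify rather than FullControl, so they can create and delete
    # content but cannot change permissions or grant access to others.
    $acl.AddAccessRule((New-FolderRule -Identity "$Domain\$SamAccountName" -Rights 'Modify'))
    Set-Acl -LiteralPath $folder -AclObject $acl
    return $folder
}

# One folder per enabled user in the OU; folder name = sAMAccountName, which,
# unlike DisplayName, is unique and contains no characters that are invalid in paths.
Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase |
    ForEach-Object { Set-PersonalFolder -SamAccountName $_.SamAccountName }

# Access-based enumeration hides folders the caller has no access to, so a user
# browsing \\Server01\Shared\MainFolder sees only their own folder. Runs on the server.
Invoke-Command -ComputerName $Server -ScriptBlock {
    Set-SmbShare -Name $using:ShareName -FolderEnumerationMode AccessBased -Force
}

# Verification: the explicit (non-inherited) ACEs on one folder should be exactly
# SYSTEM, Administrators and the user. 'jdoe' is a placeholder account name.
(Get-Acl -LiteralPath (Join-Path $BaseFolder 'jdoe')).Access |
    Where-Object { -not $_.IsInherited } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```

Naming folders after sAMAccountName rather than DisplayName avoids collisions between two people with the same display name and keeps the folder name in step with the account the ACE is granted to. If MainFolder itself must be browsable, grant the users group only "List folder / read data" on MainFolder with "This folder only" scope; combined with the protected ACLs above, that is what keeps each personal folder private.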