Hi all, I’m a newbie in PowerShell. Months ago I was helped by some forum users, so I’m still here asking for your help.
I have a problem that I cannot solve: I need to assign the permissions listed as follows to a folder:
- Username (Full Control)
- Domain Admins (Full Control)
- FS technicians (Full Control).
I copy the permissions of a folder to the destination folder, but the user for which I am running the script is not entered and the permissions are like this:
- Domain Admins (Full Control)
- Domain User (Read)
- Technical FS (Full Control).
Above the script
Thanks all for the help.
The error begins on line 75.
```powershell
Remove-Variable * -ErrorAction SilentlyContinue; Remove-Module *; $error.Clear(); Clear-Host
Add-Type -AssemblyName System.Windows.Forms
#[System.Windows.MessageBox]::Show('ATTENZIONE: lo script può essere lanciato solo in contesto Amministrativo (a+username)')

# Ask for the CSV file that lists the users to create
$FileBrowser = New-Object System.Windows.Forms.OpenFileDialog -Property @{
    Multiselect = $true
}
[void]$FileBrowser.ShowDialog()
$FileBrowser.FileNames
$ADUsers = Import-Csv -Path $FileBrowser.FileNames -Delimiter ';'

$ADUsers | Where-Object { $_.username -match '\S' } | ForEach-Object {
    $Username = $_.username
    if (Get-ADUser -Filter "SamAccountName -eq '$Username'" -ErrorAction SilentlyContinue) {
        Write-Warning "A user account with SamAccountName '$Username' already exist in Active Directory."
    }
    else {
        $userParams = @{
            SamAccountName        = $_.username
            UserPrincipalName     = "$($_.username)@reggiocity.it"
            Name                  = $_.username
            GivenName             = $_.givenName
            Surname               = $_.sn
            Enabled               = $true
            DisplayName           = $_.username
            Path                  = $_.path
            AccountPassword       = (ConvertTo-SecureString $_.Password -AsPlainText -Force)
            ChangePasswordAtLogon = $true
            description           = $_.description
            OfficePhone           = $_.telephoneNumber
            EmailAddress          = $_.mail
            POBox                 = $_.postOfficeBox
            ScriptPath            = $_.scriptPath
            HomeDirectory         = $_.homeDirectory
            HomeDrive             = $_.homeDrive
            MobilePhone           = $_.mobile
            HomePhone             = $_.HomePhone
            Title                 = $_.Title
            Department            = $_.department
            Company               = $_.company
        }

        # Create the quota for W:\
        $PSScriptRoot = "\\reggiocity.it\fs\Gestione Tecnologie e Sistemi Informativi\UOC Gestione Strutture Tecnologiche\Quota_Set"
        $arg = ("-n {0}" -f $Username)
        $proc = Start-Process -FilePath "quota_create_unity.cmd" -WorkingDirectory $PSScriptRoot -ArgumentList $arg -Wait -PassThru

        if ($_.manager) {
            $userParams.Manager = $_.manager
        }
        if ($_.accountExpires) {
            $userParams.AccountExpirationDate = $_.accountExpires
        }

        New-ADUser @userParams -PassThru |
            Set-ADUser -Replace @{pager = $($_.pager)}

        # Group memberships come from the comma-separated MemberOf column
        $Inputstring = $($_.MemberOf)
        $CharArray = $Inputstring.Split(",")
        #$CharArray
        ForEach ($Items in $Username)
        {
            if (!$CharArray -eq "" -or !$CharArray -eq $null) {
                Add-ADPrincipalGroupMembership -Identity $Username -MemberOf $CharArray
            }
            Get-ADuser "$Username" | Set-ADuser -Replace @{PrimaryGroupID = $($_.PrimaryGroupID)}
        }
        #Start-Sleep -s 5

        # Modify the ACL for the W: folder
        $PathSRC = "\\reggiocity.it\fs\Utenti\Default"
        $PathTRG = "\\reggiocity.it\fs\utenti\" + $Username
        Get-acl $PathSRC | Set-Acl $PathTRG
        $acl = Get-Acl $PathTRG
        $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($Username,'FullControl',('ContainerInherit,ObjectInherit'),'None','Allow')
        $acl.SetAccessRuleProtection($true,$true)
        $acl.SetAccessRule($AccessRule)
        $acl | Set-Acl $PathTRG

        # Launch Chrome to register the user on Domino
        Start-Sleep -s 5
        $url = "http://webmail.municipio.re.it/utilities/reguser.nsf/Registra%20Utente?openagent"
        $null = [System.Diagnostics.Process]::Start("chrome.exe","$url")
        #Write-Host "Created new user '$Username' with initial password: $($_.Password)"
        #Write-Host "gruppi a cui appartiene= $($_.MemberOf)"
    }
}
```
The error is here:
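For reference, an added example (not the poster's code and not a reply from the thread) of writing exactly the three Full Control entries the post asks for instead of copying the ACL of the `Default` folder. The function name `Set-ExplicitFolderAcl`, the `REGGIOCITY` NetBIOS domain prefix, the sample user `jdoe` and the exact group names are assumptions.

```powershell
# Added example; names marked "assumed" are not from the original post.
function Set-ExplicitFolderAcl {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $FullControlIdentity
    )

    $acl = Get-Acl -LiteralPath $Path

    # Stop inheriting from the parent and do NOT keep the inherited entries
    # (second argument $false). ($true, $true) converts them to explicit ACEs.
    $acl.SetAccessRuleProtection($true, $false)

    # Drop explicit entries already on the folder, e.g. ones copied from a template.
    foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($rule)
    }

    foreach ($id in $FullControlIdentity) {
        # Resolve the account to a SID first: a name that cannot be resolved
        # (typo, account not yet visible) throws here with a clear error.
        $sid = ([System.Security.Principal.NTAccount]$id).Translate(
            [System.Security.Principal.SecurityIdentifier])
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $sid, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }

    Set-Acl -LiteralPath $Path -AclObject $acl

    # Return what is now on the folder so the result can be checked or logged.
    (Get-Acl -LiteralPath $Path).Access |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

# Constructed sample call; domain prefix, user and group names are assumed.
$Username = 'jdoe'
Set-ExplicitFolderAcl -Path "\\reggiocity.it\fs\utenti\$Username" -FullControlIdentity @(
    "REGGIOCITY\$Username",
    'REGGIOCITY\Domain Admins',
    'REGGIOCITY\FS technicians'
)
```

The returned list should contain only the three identities passed in, each with `FullControl` and `IsInherited` set to `False`.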