I’m trying to figure out how I can create a script that would generate the folder’s and set the permissions based on the Manager’s Value and Direct Reports. For example if I’d like to have it create the top folder for our Deputy then the subfolder for people whose manager is the Deputy but only if they have both the manager value and direct reports to value if that makes sense. The why the permissions should work is the Deputy has access to all subfolders but the Manager doesn’t. Then I’d like to create a shortcut to that path in the users Home drive. Anyone have any experience in doing this? Basically I’m trying to set it up so users aren’t sending performance evaluations via email to HR but storing them on the share for HR. The part I’m going to run into issue’s with is that there are two domains so for access I’ll need to create a domain local group to give rights to users in the other domain as HR.
If someone can point me into the right way to do this that would be great. I haven’t started writing the script or creating the folders yet as I’m waiting for management to let me know what file server to store them on.
But ideally I’ll pull from what’s in the AD for Manager and Direct Reports and/or export that into a CSV list and use that to create the folders and set the rights.
Well, you shouldn’t be setting explicit user permissions at the folder level. You should be creating an AD Group(s), set the permissions with the group(s) and then adding managers\employees to the AD group.
Create Folder > New-Item
Create Group > New-ADGroup
Permissions > Set-ACL or XCACLS
If you know the Deputy’s name, then you could use Get-ADUser to run a query to see who reports under that person and use Add-ADGroupMember to add the individuals to the group.
Thanks!
I just was trying to avoid creating a group for each supervisor, as the way the folder structure is going to be as follows.
HR Performance Reviews
Department
Deputy
Regional Manager’s
Supervisor
So for example it HR would have access to all from the top down,
Deputy’s for their respective departments would have access from Deputy down to Supervisor
Regional Managers would have access to Supervisors
and the Supervisors would have access to just their folder.
I just didn’t know if it would be simpler to create a excel spread sheet or a script to look under the root path and if no folder exist for the user then to create it as the folder naming is going to be the Samaccount name / Alias for each of the respected individuals, and the Regional Manager Subfolders will be the folks who have the Manager value equal to the Deputy’s and have values present for the Direct Reports value would be the Regional Managers, and then folks who have Regional Manager value as their Manager value equal to the Regional Manager and Direct Reports value present would be the Supervisors.
I have the names of all the folks, just trying to figure out what the best method is to complete this process.