I am writing a script that will import a CSV file to create AD user accounts and then create user folders on a storage server. The number of users can be from 1 to several thousand every semester. User accounts are first created on AD, then once this is complete, invoke-command is made with a second script to the storage server to create directories and set user permissions.
Obviously you cannot set user ACLs if the user does not exist. So here is my issue: When Set-Acl is run, how is the user account checked against AD? If the users are checked against the AD server that I created the accounts on previously, then I don’t have an issue. But if the call is made to a different AD server and replication has not been completed, an exception is thrown. I haven’t yet had this problem in testing, but I can see this being an issue in the live environment.
How do I handle this?
- If the AD check is made against the calling AD because of the invoke-command, then I am done. There should be no problem.
- If the OS handles the user name check, is there a PowerShell cmdlet I can use to force the check against a particular server?
- Any other suggestions?
I can probably delay the directory creation process run by an hour or so but would rather not do that as some of the account creations will be during school hours.
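
An added example (not part of the original post) of one way around the replication window: create and read back each account on one named domain controller, then pass the SID rather than the name to the storage server, so Set-Acl there needs no name lookup. The server names, CSV column, root path and the 'Modify' right are placeholders, and the account-creation parameters are reduced to the minimum.

```powershell
Import-Module ActiveDirectory

# Placeholders (assumptions, not values from the post)
$DC            = 'dc01.example.edu'   # the one DC that takes every write and read
$StorageServer = 'fs01.example.edu'
$CsvPath       = '.\newusers.csv'     # assumed column: SamAccountName
$HomeRoot      = 'D:\Users'           # folder root on the storage server

# Step 1: create each account on $DC and read its SID back from the same DC,
# so the result does not depend on replication to any other DC.
$created = foreach ($row in Import-Csv -Path $CsvPath) {
    New-ADUser -Server $DC -Name $row.SamAccountName -SamAccountName $row.SamAccountName
    $u = Get-ADUser -Server $DC -Identity $row.SamAccountName
    [pscustomobject]@{ Sam = $u.SamAccountName; Sid = $u.SID.Value }
}

# Step 2: hand the SID strings to the storage server and build the ACE from
# a SecurityIdentifier instead of a DOMAIN\name string.
Invoke-Command -ComputerName $StorageServer -ArgumentList @($created), $HomeRoot -ScriptBlock {
    param($Users, $Root)
    foreach ($user in $Users) {
        $path = Join-Path -Path $Root -ChildPath $user.Sam
        New-Item -Path $path -ItemType Directory -Force | Out-Null

        # An IdentityReference that is already a SID is written to the ACL as-is
        $sid  = New-Object System.Security.Principal.SecurityIdentifier($user.Sid)
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                    $sid, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')

        $acl = Get-Acl -Path $path
        $acl.AddAccessRule($rule)
        Set-Acl -Path $path -AclObject $acl
    }
}
```

Until the account has replicated to the domain controller the storage server uses, the new entry is displayed as a raw SID in the folder's security settings; it shows the account name once replication completes.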