Hi All
I am a complete novice at this and this is my first attempt at a script. I have a script working (thanks to an online resource) which I’ve modified; it creates a folder structure (home directories based on a txt file that I feed it) and applies permissions to each folder.
So it works on my PC (not a server, so I am using Quest ActiveRoles software, which can query AD without the need for the AD module that PS needs?) and on our network share drives (within the same domain as the users I’m applying permissions for).
The issue is I can’t apply their permissions to the folders on the share I need to write to (a different domain within our org)… I know it’s to do with the fact that the users are not ‘users’ on the ‘other’ domain. For me to add them manually on a folder via Properties > Security in XP, I must change the location to the ‘service’ domain, or use their fully qualified username, i.e. domain\username or username@domain.csv.au… then it can find them… Can I script this?
The txt file cannot be edited to include the fully qualified username, as I also use the same name to create the folder for the user. Is there a way I can pass the "domain" to the username that’s stored in $User within the script? Alternatively, I may ask the server guys if they can add all my users to the domain they are not members of?
Thanks for your help.
The code:
param (
    [String]$Path,
    [String]$UserList,
    [String[]]$FullControlMember
)

$Users = @()
$Results = @()
#Import-Module ActiveDirectory   # not needed here: the Quest cmdlets (Get-QADUser / Get-QADObject) are used instead

if (-not (Test-Path $Path)) {
    Write-Error -Message "Cannot find path '$Path' because it does not exist."
    return
}

if (-not (Test-Path $UserList)) {
    Write-Error -Message "Cannot find '$UserList' because it does not exist."
    return
} else {
    $Users = Get-Content $UserList
}

# Check whether each input AD member exists; drop the ones that do not
if ($FullControlMember) {
    $FullControlMember | ForEach-Object {
        $Member = $_
        if (-not (Get-QADObject -Name $Member)) {
            $FullControlMember = $FullControlMember | Where-Object { $_ -ne $Member }
            Write-Error -Message "Cannot find an object with name:'$Member'"
        }
    }
}
$FullControlMember += "BUILTIN\Administrators", "RGOperators"

foreach ($User in $Users) {
    # Start from the share root's ACL, then disable inheritance so only explicit entries apply
    $HomeFolderACL = Get-Acl $Path
    $HomeFolderACL.SetAccessRuleProtection($true, $false)

    $Result = New-Object PSObject
    $Result | Add-Member -MemberType NoteProperty -Name "Name" -Value $User

    if (Get-QADUser -Name "$User") {
        New-Item -ItemType directory -Path "$Path\$User" | Out-Null

        # Set ACL on the folder: every full-control member plus the user themselves
        $FCList = $FullControlMember + $User
        $FCList | ForEach-Object {
            $ACL = New-Object System.Security.AccessControl.FileSystemAccessRule($_, "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
            $HomeFolderACL.AddAccessRule($ACL)
        }
        Set-Acl -Path "$Path\$User" $HomeFolderACL

        $Result | Add-Member -MemberType NoteProperty -Name "IsCreated" -Value "Yes"
        $Result | Add-Member -MemberType NoteProperty -Name "Remark" -Value "N/A"
    } else {
        $Result | Add-Member -MemberType NoteProperty -Name "IsCreated" -Value "No"
        $Result | Add-Member -MemberType NoteProperty -Name "Remark" -Value "Cannot find an object with name:'$User'"
    }
    $Results += $Result
}

$Results
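The question above asks how to qualify the bare name from the list with the users' domain inside the script while keeping the folder name unchanged. The following is an added example, not the poster's script: it builds the DOMAIN\user form with a .NET NTAccount, resolves it to a SID before anything is applied (so a name the other domain does not know is reported rather than silently producing an unresolved entry), and writes the access rule using that SID. The domain name SERVICEDOM, the default paths, and the function names Resolve-DomainUser and Grant-HomeFolderAccess are placeholders chosen here.

```powershell
# Added example (not the original poster's script). Placeholders: SERVICEDOM, D:\Home, C:\users.txt.
param (
    [String]$Path = 'D:\Home',            # placeholder share path on the target domain's file server
    [String]$UserList = 'C:\users.txt',   # one bare user name per line, same as the original list
    [String]$UserDomain = 'SERVICEDOM'    # placeholder: NetBIOS name of the domain the users belong to
)

# Accounts that must keep access to every home folder once inheritance is switched off.
$FullControlMember = @('BUILTIN\Administrators')

function Resolve-DomainUser {
    param([String]$Domain, [String]$Name)
    # DOMAIN\user is the same form the Security tab accepts. Translate() asks the domain
    # to look the account up and throws IdentityNotMappedException when it does not exist.
    $account = New-Object System.Security.Principal.NTAccount($Domain, $Name)
    try {
        return $account.Translate([System.Security.Principal.SecurityIdentifier])
    } catch [System.Security.Principal.IdentityNotMappedException] {
        return $null
    }
}

function Grant-HomeFolderAccess {
    param(
        [String]$Folder,
        [System.Security.Principal.SecurityIdentifier]$OwnerSid,
        [String[]]$AdminMembers
    )
    $acl = Get-Acl -Path $Folder
    # Stop inheriting from the share root so only the explicit entries below apply.
    $acl.SetAccessRuleProtection($true, $false)

    # Administrative entries are given by name, as in the original script.
    foreach ($member in $AdminMembers) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $member, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    # The user's own entry is given by SID, so Set-Acl never has to resolve a
    # name from a domain the file server is not a member of.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $OwnerSid, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Folder -AclObject $acl
}

foreach ($User in Get-Content $UserList) {
    $sid = Resolve-DomainUser -Domain $UserDomain -Name $User
    if (-not $sid) {
        Write-Warning "Skipping '$User': no account '$UserDomain\$User' could be resolved."
        continue
    }
    # The folder keeps the bare name from the list; only the ACL entry is domain-qualified.
    $folder = Join-Path $Path $User
    if (-not (Test-Path $folder)) {
        New-Item -ItemType Directory -Path $folder | Out-Null
    }
    Grant-HomeFolderAccess -Folder $folder -OwnerSid $sid -AdminMembers $FullControlMember
    Write-Output "Created $folder for $UserDomain\$User ($sid)"
}
```

The Translate() call only succeeds when the machine running the script can reach a domain controller of the users' domain, which is the same condition the manual "change location" step in the Security tab relies on. Resolving to a SID first also gives a clear per-user failure instead of an access rule that shows up as an unresolved SID on the folder.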