create_home_folder.ps1
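# Creates a home folder for the person's Active Directory account, grants that
# account Modify rights on the folder, and records the folder as the account's
# HomeDirectory/HomeDrive in AD.
# Inputs (set by the caller): $configuration, $person and $manager as JSON
# strings, and $dryRun as a boolean.
# Output: one JSON object with Success, AccountReference, AuditDetails, Account.

#Initialize default properties
$c = $configuration | ConvertFrom-Json
$p = $person | ConvertFrom-Json;
$m = $manager | ConvertFrom-Json;
$success = $False;
# Default audit text so a failed run never returns an empty AuditDetails.
$auditMessage = "Homedirectory not created for: " + $p.DisplayName;
$account_guid = New-Guid

#Change mapping here
$account = [PSCustomObject]@{
    externalId = $account_guid;
}

#Get the SamAccountName from Person account data
$SamAccountName = $p.Accounts.MicrosoftActiveDirectory.SamAccountName;

#Construct the properties
$homeDirectory = "\\SERVER\Share\$SamAccountName"
$homeDrive = "H:"

try {
    # The account name comes from the person JSON and becomes a path segment,
    # so reject anything that could name a different location than
    # \\SERVER\Share\<name>: empty values, path separators and other invalid
    # file-name characters, wildcard brackets, dot-only names, and names with
    # leading or trailing whitespace or a trailing dot.
    if ([string]::IsNullOrWhiteSpace($SamAccountName) -or
        $SamAccountName.IndexOfAny([System.IO.Path]::GetInvalidFileNameChars()) -ge 0 -or
        $SamAccountName -match '[\[\]]' -or
        $SamAccountName -match '^\.+$' -or
        $SamAccountName -match '^\s|[\s.]$') {
        throw "SamAccountName is missing or is not usable as a folder name"
    }

    #Get the user SID (read-only lookup, also performed during a dry run)
    $user = Get-ADUser -Identity $SamAccountName -Properties ObjectSID -ErrorAction Stop
    if ($null -eq $user) {
        throw "No Active Directory user found for SamAccountName '$SamAccountName'"
    }

    if (-Not($dryRun -eq $True)) {
        #Create the home directory, suppress output.
        # -ErrorAction Stop turns the non-terminating New-Item error into an
        # exception. That includes "already exists": an existing folder is never
        # reused, so a new account is not granted rights on data left behind
        # under the same name.
        New-Item -Path $homeDirectory -ItemType Directory -ErrorAction Stop | Out-Null

        # Set NTFS rights: Modify for the user, inherited by subfolders and files
        $acl = Get-ACL -LiteralPath $homeDirectory -ErrorAction Stop
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($user.ObjectSID, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
        $acl.AddAccessRule($rule) | Out-Null
        Set-Acl -LiteralPath $homeDirectory -AclObject $acl -ErrorAction Stop | Out-Null

        # Update AD user properties
        Set-ADUser -identity $SamAccountName -HomeDirectory $homeDirectory -HomeDrive $homeDrive -ErrorAction Stop | Out-Null

        $auditMessage = "Homedirectory created for: " + $p.DisplayName;
    }
    else {
        # Dry run: nothing is created or changed on the file share or in AD.
        $auditMessage = "Dry run, homedirectory would be created for: " + $p.DisplayName;
    }
    $success = $True;
}
catch {
    # Report the failure instead of swallowing it. A folder created before the
    # failing step is left in place for an operator to inspect.
    $success = $False;
    $auditMessage = "Homedirectory not created for: " + $p.DisplayName + ". Error: " + $_.Exception.Message;
}

#build up result
$result = [PSCustomObject]@{
    Success = $success;
    AccountReference = $account_guid;
    AuditDetails = $auditMessage;
    Account = $account;
};

#send result back
Write-Output $result | ConvertTo-Json -Depth 10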