Some administrators prefer to do everything manually, others prefer automation. I have always preferred to have as much as possible automated, or at least set up with a script, so the action can easily be repeated without varying end results.
I have written a script which verifies that all users that should have a home folder have one, and that it has the appropriate permissions.
If you use ADUC to set a home folder, it by default gives the user Full Control. This is not optimal because it gives the end user the ability to change the permissions on their folders. I always prefer to give them Modify instead.
And sometimes the folder has mysteriously not been created on the server, or been deleted. This script will also fix that.
# User Home Directory Permissions - jocha.se 2013-01-15
#
# Creates a home folder for users who do not have one and sets correct permissions.

# Loading modules
Import-Module ActiveDirectory

$DC = "MYDC.COMPANY.LOCAL"
$OU = "OU=PRODUCTION,DC=COMPANY,DC=LOCAL"

# Only HomeDirectory is needed on top of the default properties.
$Content = (Get-ADUser -Server $DC -Filter * -Properties HomeDirectory -SearchBase $OU | Select-Object SamAccountName, HomeDirectory)

FOREACH ($ID in $Content) {
    $User = $ID.SamAccountName
    $Folder = $ID.HomeDirectory

    # Check if the user has a HomeDirectory.
    If (($User -ne "SamAccountName") -and ($Folder)) {

        # Check if the folder exists; if not, create it and grant Modify.
        If ((Test-Path $Folder) -ne $true) {
            Write-Host
            Write-Host "$User HomeDirectory does not exist. Creating..."
            New-Item -ItemType Directory -Path $Folder
            icacls $Folder /grant "${User}:(OI)(CI)M"
        }

        # Check if permissions are F (Full). icacls prints inheritance flags
        # before the rights, e.g. user:(OI)(CI)(F), so allow anything between
        # the colon and (F).
        $Icacls = icacls $Folder
        $Match = "*" + $User + ":*(F)*"
        $IcaclsResult = $Icacls -like $Match
        If ($IcaclsResult) {
            Write-Host
            Write-Host "$User HomeDirectory has incorrect permissions. Resetting..."
            # Remove the user's granted ACEs, then grant Modify with inheritance.
            icacls $Folder /remove:g $User
            icacls $Folder /grant "${User}:(OI)(CI)M"
        }
    }
}
If this helped you or if you need assistance adjusting it let me know.
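The permission check in the script works on the text that icacls prints. As an added example (not part of the original script), the function below parses that output for one account and tells apart an explicit Full ACE, an inherited one, and Modify; the function name, account names and sample output are constructed for illustration.

```powershell
# Added example, not part of the original script. Function name and sample
# data are hypothetical / constructed.
function Get-HomeFolderAceState {
    param(
        [string[]]$IcaclsOutput,                 # lines returned by: icacls <folder>
        [Parameter(Mandatory)][string]$Account   # DOMAIN\SamAccountName
    )
    # An ACE line ends with ACCOUNT:(..)(..)(rights). (OI)/(CI) control
    # inheritance to children, (I) marks an ACE inherited from the parent,
    # and the last parenthesised group holds the rights, e.g. F or M.
    $pattern = '(?:^|\s)' + [regex]::Escape($Account) + ':((?:\([^)]*\))+)\s*$'
    $aces = @(foreach ($line in $IcaclsOutput) {
        if ($line -match $pattern) {
            $flags = @([regex]::Matches($Matches[1], '\(([^)]*)\)') |
                ForEach-Object { $_.Groups[1].Value })
            [pscustomobject]@{ Rights = $flags[-1]; Inherited = ($flags -contains 'I') }
        }
    })
    if ($aces.Count -eq 0) { return 'NoAce' }
    if ($aces | Where-Object { $_.Rights -eq 'F' -and -not $_.Inherited }) { return 'FullExplicit' }
    if ($aces | Where-Object { $_.Rights -eq 'F' }) { return 'FullInherited' }
    if ($aces | Where-Object { $_.Rights -eq 'M' }) { return 'Modify' }
    return 'Other'
}

# Constructed icacls output for three home folders.
$samples = [ordered]@{
    jdoe    = @('D:\Home\jdoe BUILTIN\Administrators:(OI)(CI)(F)',
                '             COMPANY\jdoe:(OI)(CI)(F)', '',
                'Successfully processed 1 files; Failed processing 0 files')
    asmith  = @('D:\Home\asmith BUILTIN\Administrators:(I)(OI)(CI)(F)',
                '               COMPANY\asmith:(OI)(CI)(M)')
    bnguyen = @('D:\Home\bnguyen COMPANY\bnguyen:(I)(OI)(CI)(F)')
}
foreach ($name in $samples.Keys) {
    # Report one line per user: account name and the state of its ACE.
    '{0,-8} {1}' -f $name, (Get-HomeFolderAceState -IcaclsOutput $samples[$name] -Account "COMPANY\$name")
}
```

A result of FullInherited means the ACE comes from the parent folder, so it has to be changed there rather than on the home folder itself.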