1

With Active Directory I can manually create new users. Every time I do that, I use right click -> Copy on that user, then I modify some things like Name, Surname and SamAccountName. This process creates a new user with common properties with the copied user and also a home folder in our NAS (with path $NAS_path). I created a script to automate that and it works. The fundamental part of it is

$templateUser = Get-ADUser -Identity $usertocopy -Properties ObjectCategory, ObjectClass, PrincipalsAllowedToDelegateToAccount
New-ADUser -Name "$($user_name) $($user_surname)" -GivenName $user_name -Surname $user_surname -Description "employee" -SamAccountName $user_domain_name -UserPrincipalName "$($user_domain_name)@myorg" -HomeDirectory "$($NAS_path)\$($user_domain_name)" -HomeDrive "W:" -AccountPassword $password -ChangePasswordAtLogon $true -Instance $templateUser

For the most part I'm ok with the result. But it just creates a new user, how can I create a folder in the NAS with "similar" permissions for the new user? By "similar" I mean that the new user can do the same things with their new folder that the old user can do with their folder. Those are the permissions of the folder \\NASPATH\test.test of the user with SamAccountName test.test:

Get-Acl \\NASPATH\test.test | Format-List

Path   : Microsoft.PowerShell.Core\FileSystem::\\NASPATH\test.test
Owner  : BUILTIN\Administrators
Group  : MYORG\Domain Users
Access : BUILTIN\Administrators Allow  268435456
         BUILTIN\Administrators Allow  FullControl
         MYORG\test.test Allow  268435456
         MYORG\test.test Allow  FullControl
         BUILTIN\Administrators Allow  FullControl
         NT AUTHORITY\SYSTEM Allow  FullControl
         CREATOR OWNER Allow  FullControl
         MYORG\ouradmin Allow  FullControl
Audit  : 
Sddl   : O:BAG:DUD:AI(A;OICIIO;GA;;;BA)(A;;FA;;;BA)(A;OICIIO;GA;;;S-1-5-21-2801405462-3170940757-3729986713-3219)(A;;FA
         ;;;S-1-5-21-2801405462-3170940757-3729986713-3219)(A;OICIID;FA;;;BA)(A;OICIID;FA;;;SY)(A;OICIIOID;FA;;;CO)(A;O
         ICIID;FA;;;S-1-5-21-2801405462-3170940757-3729986713-1530)

1 Answer

0

If you create the user with -HomeDirectory "\\Server\Share\%username%" the folder will be created on logon with the user as owner.

The user needs to be able to create folders on \\Server\Share\. You could give this permission to a group like "all_users" which every user will be put into when creating. Give Create files / write data and Create folders / append data permissions.

As far as I'm aware, most sysadmins keep it that way.

4
  • Unfortunately this is not my case. I checked that when creating a new user through manually copying an older one the shared folder gets created immediately (before user logon!). Anyway I created a user using my script and it didn't create any folder, I logged in with the new user, then I logged off and checked back the shared folders: the folder for the new user wasn't created... Commented Jan 5, 2023 at 10:31
  • By "The user needs to be able to create folders on \\Server\Share\%username%", do you mean that I need to give some permission to the user before logon? So that the folder gets automatically generated at logon? Commented Jan 5, 2023 at 10:36
  • Yes, you could give this permission to a group like "all_users" which every user will be put into when creating. Give "Create files / write data", "Create folders / append data" Commented Jan 6, 2023 at 7:10
  • Thank you. I guess that this is a permission problem. In particular when creating the user I didn't copy the PrimaryGroup and PrimaryGroupId properties (because I got some errors), so I think that the created user belongs to no group, therefore it has no permissions. I'll try to create a user in an actual group and see if the magic happens (the folder gets automatically created) Commented Jan 6, 2023 at 8:56
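
An added example, not code from the question or the answer: one way to create the home folder from the script itself and give the new user the same explicit entries that test.test holds on \\NASPATH\test.test in the Get-Acl output above. The function name and its parameters are hypothetical, and it assumes the account running it may create folders and change permissions on the NAS share.

```powershell
# Added example: function and parameter names are hypothetical.
function Copy-HomeFolderAccess {
    param(
        [Parameter(Mandatory)] [string] $TemplateFolder,   # \\NASPATH\test.test
        [Parameter(Mandatory)] [string] $TemplateAccount,  # MYORG\test.test
        [Parameter(Mandatory)] [string] $NewFolder,        # "$NAS_path\$user_domain_name"
        [Parameter(Mandatory)] [string] $NewAccount        # "MYORG\$user_domain_name"
    )
    $ErrorActionPreference = 'Stop'

    # Throws if the new account does not resolve to a SID yet
    # (for example, New-ADUser ran against a different domain controller).
    $newId = [System.Security.Principal.NTAccount]::new($NewAccount)
    $null  = $newId.Translate([System.Security.Principal.SecurityIdentifier])

    if (-not (Test-Path -LiteralPath $NewFolder)) {
        $null = New-Item -ItemType Directory -Path $NewFolder
    }
    $newAcl = Get-Acl -LiteralPath $NewFolder

    # Copy only the template user's explicit entries. Inherited entries
    # (Administrators, SYSTEM, ...) arrive from the parent share by themselves.
    $rules = (Get-Acl -LiteralPath $TemplateFolder).Access | Where-Object {
        -not $_.IsInherited -and $_.IdentityReference.Value -eq $TemplateAccount
    }
    $fullControl = [System.Security.AccessControl.FileSystemRights]::FullControl
    foreach ($rule in $rules) {
        $rights = $rule.FileSystemRights
        # 268435456 is GENERIC_ALL (the "GA" in the SDDL). The FileSystemAccessRule
        # constructor rejects values above FullControl, so translate it first.
        if ([int]$rights -eq 268435456) { $rights = $fullControl }
        if ([int]$rights -lt 0 -or [int]$rights -gt [int]$fullControl) {
            Write-Warning "Skipping entry with untranslated rights value $([int]$rights)"
            continue
        }
        $newRule = [System.Security.AccessControl.FileSystemAccessRule]::new(
            $newId, $rights, $rule.InheritanceFlags,
            $rule.PropagationFlags, $rule.AccessControlType)
        $newAcl.AddAccessRule($newRule)
    }
    Set-Acl -LiteralPath $NewFolder -AclObject $newAcl
    # Return the new user's entries so the caller can verify the result.
    (Get-Acl -LiteralPath $NewFolder).Access |
        Where-Object { $_.IdentityReference.Value -eq $NewAccount }
}
```

Call it right after New-ADUser with the same $NAS_path and $user_domain_name values, and compare the returned entries with the template user's lines in the Get-Acl output.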
