I work for a school district and I recently moved every staff member's user folder to a new file server. So the file structure looks like this:

E:
    staff
        asmith
        bconlon
        crichards
        fgrant

Since every user is assigned a home directory via Active Directory, I used the following PowerShell script to remap everyone's home drive in one fell swoop:

Get-ADUser -Filter * -SearchBase 'OU=BES,OU=BPS,DC=bourne,DC=k12,DC=ma,DC=us' | ForEach-Object {
    Set-ADUser $_.SamAccountName -HomeDrive "H:" -HomeDirectory "\\bpsfile\staff\$($_.SamAccountName)"
}

This worked great. However, my problem now is with the permissions. The owner of every directory in the entire tree is administrator and none of the users can write to their own directories now.

I was wondering if there's a similar way to use PowerShell to find the name of each folder in the tree (which is based on the same usernames in AD, i.e. jsmith) and then grant all permissions to that username to that folder and all of its child folders.

Thanks for any insight!

PS The file server is Windows Server 2008 R2 Standard

1 Answer

You can use this:

Set Default Values

[Array]$Rights = "ReadAndExecute","Write","Modify"
[Array]$InheritanceFlag = @("ContainerInherit","ObjectInherit")
[Array]$PropagationFlag = "None"
[String]$AccessType = "Allow"

$AccessRights = [System.Security.AccessControl.FileSystemRights] $Rights
$InheritanceFlags = [System.Security.AccessControl.InheritanceFlags]$InheritanceFlag
$PropagationFlags = [System.Security.AccessControl.PropagationFlags]$PropagationFlag
$Type = [System.Security.AccessControl.AccessControlType]$AccessType

Run your filter again with the Set-permission code

Get-ADUser -Filter * -SearchBase 'OU=BES,OU=BPS,DC=bourne,DC=k12,DC=ma,DC=us' |
ForEach-Object {

    # Home folder is named after the account's SamAccountName
    $Folder = "\\bpsfile\staff\$($_.SamAccountName)"
    $SAMAccountName = $_.SAMAccountName

    # Resolve the account name to its SID
    $NTAccount = [System.Security.Principal.NTAccount]($SAMAccountName)
    $IdentityReference = $NTAccount.Translate([System.Security.Principal.SecurityIdentifier])

    # Add an inheritable Allow rule for the user to the folder's existing ACL
    $ACL = Get-Acl $Folder
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($IdentityReference, $AccessRights, $InheritanceFlags, $PropagationFlags, $Type)
    $ACL.AddAccessRule($AccessRule)
    Set-Acl -Path $Folder -AclObject $ACL

}
1 Comment

Perfect, this saved me hours upon hours of grunt work... I can't thank you enough!
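
A read-only audit of the ACLs left behind by a bulk change like the one above, added here as an example and not part of the original question or answer. It reports, per home folder, the owner, whether the matching account holds an inheritable Allow rule with at least Modify, and any other principals granted access. The function name `Test-HomeFolderAcl` and the allow-list of trusted SIDs are assumptions.

```powershell
# Added example: audit home-folder ACLs; makes no changes to the file system.
function Test-HomeFolderAcl {
    param(
        [string]$Root = '\\bpsfile\staff',   # share named on this page
        # Assumed allow-list, by well-known SID: SYSTEM, BUILTIN\Administrators
        [string[]]$Trusted = @('S-1-5-18', 'S-1-5-32-544')
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $modify  = [int][System.Security.AccessControl.FileSystemRights]::Modify
    $inherit = [int][System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'

    # PSIsContainer filter (not -Directory) so this also runs on PowerShell 2.0
    Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $folder  = $_
        $userSid = $null
        try {
            # Folder name is expected to equal the owner's SamAccountName
            $userSid = ([System.Security.Principal.NTAccount]$folder.Name).Translate($sidType).Value
        } catch {
            # No account resolves: orphaned or misnamed folder, reported below
        }

        $acl    = Get-Acl -Path $folder.FullName
        $userOk = $false
        $extra  = @()
        # Explicit and inherited rules, with identities returned as SIDs
        foreach ($r in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($r.AccessControlType -ne 'Allow') { continue }
            $sid = $r.IdentityReference.Value
            if ($userSid -and $sid -eq $userSid) {
                # Needs Modify or better, inherited by subfolders and files
                if ((([int]$r.FileSystemRights -band $modify) -eq $modify) -and
                    (([int]$r.InheritanceFlags -band $inherit) -eq $inherit)) { $userOk = $true }
            } elseif ($Trusted -notcontains $sid) {
                $extra += $sid   # access granted to someone other than user/admins
            }
        }
        New-Object PSObject -Property @{
            Folder         = $folder.Name
            AccountFound   = [bool]$userSid
            Owner          = $acl.Owner
            UserHasModify  = $userOk
            UnexpectedSids = ($extra | Select-Object -Unique) -join ','
        }
    }
}
# Show only folders that need attention:
# Test-HomeFolderAcl | Where-Object { -not $_.UserHasModify -or $_.UnexpectedSids }
```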
