0 votes

Hello Adaxes Support,

I'm using this script for creating a user folder on a server, including ACLs. It works fine.

$strPath="\\%adm-CustomAttributeText16%\d$\Benutzer\%username%"
$Username="%userPrincipalName%"
New-Item -ItemType directory -Path $strPath

# set acl to folder
$HomeFolderACL=Get-Acl $strPath
$ACL=New-Object System.Security.AccessControl.FileSystemAccessRule($Username,"Modify","ContainerInherit,ObjectInherit","None","Allow")
$HomeFolderACL.AddAccessRule($ACL)

Set-Acl -Path $strPath $HomeFolderACL
$strPath

Now I'm trying to share this folder, but I'm not able to.

Can someone help me?

Thanks in advance

by (700 points)

1 Answer

0 votes
by (216k points)

Hello,

As far as we can see, you are trying to create home folders for users with the help of the script. Adaxes already contains the Create the home directory and Share the home directory actions for this purpose that can be used in Business Rules, Custom Commands and Scheduled Tasks. Is there any reason why you don't want to use the built-in actions?

0

Hello Support,
I know this feature. However, we do not use it in our environment. We use a logon script for mapping the user home drive. Therefore I cannot use this feature. Do you still have another suggestion?

0

OK, we'll ask our script guys to look into this. We'll update this topic as soon as they come up with something.

0

Hello,

Our script guys have come up with the following script that can be used to implement your task. In the script:

  • $homeFolderPath - template path for the home folders created by the script;
  • $fileSystemAccessRights - permissions for the User to access his home folder share;
  • $accessControlType - permission type for the User's home folder: 0 = allow, 1 = deny;
  • $description - home folder share description;
  • $maximumAllowed - the maximum allowed number of simultaneous connections to the home folder share;
  • $shareName - home folder share name.

Modify the script to your requirements.

$homeFolderPath = "\\%adm-CustomAttributeText16%\d$\Benutzer\%username%" # TODO: modify me
$fileSystemAccessRights = 1245631 # TODO: modify me. User permissions for the shared folder: 2032127 = Full Control; 1245631 = Change; 1179817 = Read
$accessControlType = 0 # TODO: modify me. Access Control Type user on a shared folder; 0 = allow, 1 = deny
$description = "User home folder" # TODO: modify me. Text or $NULL
$maximumAllowed = 20 # TODO: modify me. Limit for the number of simultaneous users. Number or $NULL
$shareName = "%username%" # Share Name

Function Create-Share($homeFolderPath, $fileSystemAccessRights, $accessControlType, $description, $maximumAllowed, $shareName)
{
    # Build path
    $uncPath = $homeFolderPath.Replace("\\","")
    $uncParts = $uncPath.Split('\')
    $serverName = $uncParts[0]

    try
    {
        $localPath = (Get-WmiObject -ComputerName $serverName -Class "Win32_Share" -ErrorAction Stop | Where {$_.Name -eq $uncParts[1]}).Path
    }
    catch
    {
        $Context.LogMessage($_.Exception.Message, "Error")
        return
    }

    if ($localPath -eq $NULL)
    {
        $Context.LogMessage("Network folder with name '" + $uncParts[1] + "' was not found on '$serverName'", "Error")
        return
    }

    # Build path for the user folder
    $localPath = $localPath.TrimEnd("\")

    if ($uncParts.Length -gt 2)
    {
        for ($i = 2; $i -le $uncParts.Length -1; $i++)
        {
            $localPath += "\" + $uncParts[$i]
        }
    }

    # Create shared folder and set permissions for the user
    try
    {
        $shares = [WMICLASS]"\\$serverName\root\cimv2:Win32_Share"
    }
    catch
    {
        $Context.LogMessage($_.Exception.Message, "Error")
        return
    }

    # Create Security Descriptor Instance
    $sd = ([WMIClass]"Win32_SecurityDescriptor").CreateInstance()

    # Set permissions for user
    $ACE = ([WMIClass]"Win32_ACE").CreateInstance()
    $Trustee = ([WMIClass]"Win32_Trustee").CreateInstance()
    $Trustee.Name = "%username%"
    $Trustee.Domain = $Null
    $ace.AccessMask = $fileSystemAccessRights 
    $ace.AceFlags = 3 
    $ace.AceType = $accessControlType
    $ACE.Trustee = $Trustee
    $sd.DACL += $ACE.psObject.baseobject

    # Try to share the home folder
    $result = ($shares.Create($localPath, $shareName, 0, $maximumAllowed, $description, $NULL, $sd)).ReturnValue
    return $result
}

if (Test-Path -Path $homeFolderPath)
{
    $Context.LogMessage("Folder '$homeFolderPath' already exists", "Error")
    return
}

try
{
    $userFolder = New-Item -ItemType directory -Path $homeFolderPath -ErrorAction Stop
}
catch
{
    $Context.LogMessage($_.Exception.Message, "Error")
    return
}

# Set permissions for the shared folder
$homeFolderACL = Get-Acl $homeFolderPath
$acl = New-Object System.Security.AccessControl.FileSystemAccessRule("%username%","Modify","ContainerInherit,ObjectInherit","None","Allow")
$homeFolderACL.AddAccessRule($acl)

Set-Acl -path $homeFolderPath $homeFolderACL

$result = Create-Share $homeFolderPath $fileSystemAccessRights $accessControlType $description $maximumAllowed $shareName

$erroMSG = New-Object "System.ComponentModel.Win32Exception"

switch ($result)
{
    0 {$Context.LogMessage("User folder shared successfully", "Information")}
    2 {$Context.LogMessage("User folder not shared: Access Denied", "Warning")}
    8 {$Context.LogMessage("User folder not shared: Unknown Error", "Warning")}
    9 {$Context.LogMessage("User folder not shared: Invalid Share Name", "Warning")}
    10 {$Context.LogMessage("User folder not shared: Invalid Level", "Warning")}
    21 {$Context.LogMessage("User folder not shared: Invalid Parameter", "Warning")}
    22 {$Context.LogMessage("User folder not shared: Duplicate Share", "Warning")}
    23 {$Context.LogMessage("User folder not shared: Redirected Path", "Warning")}
    24 {$Context.LogMessage("User folder not shared: Unknown Device or Directory", "Warning")}
    25 {$Context.LogMessage("User folder not shared: Network Name Not Found", "Warning")}
    default {$Context.LogMessage("User folder not shared: Unknown Error", "Warning")}
}

0

Thanks very much! Worked like a charm! ;)
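
Added example, not part of the original thread and not Adaxes code: after the script above has created a share, this function reads the share-level DACL back through WMI and flags any entry that is not the expected user or that grants more than the Change mask. The function name and its three parameters are hypothetical; the mask values are the ones listed in the script's comments.

```powershell
# Added example (not from the thread): audit the DACL of a home folder share.
# Get-HomeShareAudit, $serverName, $shareName and $expectedUser are hypothetical names.
function Get-HomeShareAudit
{
    param(
        [Parameter(Mandatory = $true)] [string] $serverName,
        [Parameter(Mandatory = $true)] [string] $shareName,
        [Parameter(Mandatory = $true)] [string] $expectedUser
    )

    # Escape backslashes and quotes so the share name is safe inside the WQL filter
    $escapedName = $shareName.Replace("\", "\\").Replace("'", "\'")
    $setting = Get-WmiObject -ComputerName $serverName -Class "Win32_LogicalShareSecuritySetting" `
        -Filter "Name='$escapedName'" -ErrorAction Stop
    if ($setting -eq $NULL)
    {
        throw "Share '$shareName' was not found on '$serverName'"
    }

    # Read the security descriptor that Win32_Share.Create stored for the share
    $sdResult = $setting.GetSecurityDescriptor()
    if ($sdResult.ReturnValue -ne 0)
    {
        throw "GetSecurityDescriptor failed with code $($sdResult.ReturnValue)"
    }

    foreach ($ace in $sdResult.Descriptor.DACL)
    {
        # Translate the access mask using the values from the script's comments
        $rights = switch ([uint32]$ace.AccessMask)
        {
            2032127 { "Full Control" }
            1245631 { "Change" }
            1179817 { "Read" }
            default { "Custom ($_)" }
        }

        $finding = "OK"
        if ($ace.Trustee.Name -ne $expectedUser) { $finding = "Review: unexpected trustee" }
        elseif ($ace.AceType -eq 0 -and $rights -eq "Full Control") { $finding = "Review: Full Control on share" }

        New-Object PSObject -Property @{
            Trustee = $ace.Trustee.Name
            Type    = $(if ($ace.AceType -eq 0) { "Allow" } else { "Deny" })
            Rights  = $rights
            Finding = $finding
        }
    }
}
```

The function emits one object per ACE, so the output can be filtered with `Where {$_.Finding -ne "OK"}` and written to the log. It checks share permissions only; the NTFS ACL set with Set-Acl still has to be reviewed separately with Get-Acl.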
