Thursday, June 28, 2012

Powershell scripts for AD-deployments

Some useful scripts for AD deployment on Server 2008 R2 with PowerShell.

To create home folders:

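#Read the user list (columns: FirstName,LastName)
$dataSource = Import-Csv "users.csv"
#Home folders are created under this path
Set-Location "d:\data\users"

foreach ($dataRecord in $dataSource) {
    #Folder name follows the FirstName.LastName pattern
    $name = $dataRecord.FirstName + "." + $dataRecord.LastName
    New-Item $name -type directory
}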

To create the users:

#Change here to correspond to your domain environment
$objOU = [ADSI]"LDAP://OU=ClientUsers,DC=contoso,DC=local"

#Set home drive and home directory root; remove if not needed
$homedrive = "h:"
$homedir = "\\fileserver\users\"

$dataSource = Import-Csv "users.csv"
foreach ($dataRecord in $dataSource) {
    #Trim so an empty last name does not leave a trailing space in the CN
    $cn = ($dataRecord.FirstName + " " + $dataRecord.LastName).Trim()

    #Check if last name is empty.
    if (!$dataRecord.LastName) {
        $dataRecord.LastName = " "
        $sAMAccountName = $dataRecord.FirstName
    }
    else {
        $sAMAccountName = $dataRecord.FirstName + "." + $dataRecord.LastName
    }

    $givenName = $dataRecord.FirstName
    Write-Host "Creating user : $sAMAccountName"
    $sn = $dataRecord.LastName
    $sAMAccountName = $sAMAccountName.ToLower()

    $displayName = $sn + " " + $givenName

    $homediruser = $homedir + $sAMAccountName
    #UPN suffix; change it to match your domain
    $userPrincipalName = $sAMAccountName + "@sb.local"
    $objUser = $objOU.Create('user', 'CN=' + $cn)
    $objUser.Put("sAMAccountName", $sAMAccountName)
    $objUser.Put("userPrincipalName", $userPrincipalName)
    $objUser.Put("displayName", $displayName)
    $objUser.Put("givenName", $givenName)
    $objUser.Put("sn", $sn)
    #Remove the two lines below if the home drive isn't used.
    $objUser.Put("HomeDrive", $homedrive)
    $objUser.Put("HomeDirectory", $homediruser)
    #The object must exist in AD before a password can be set
    $objUser.SetInfo()
    #Same initial password for every user; the account is enabled right after
    $objUser.SetPassword("P@ssw0rd")
    $objUser.psbase.InvokeSet("AccountDisabled", $false)
    $objUser.SetInfo()
    Write-Host "User : $sAMAccountName created"
}
Write-Host "Users created"

The above script imports users from a CSV file that looks like this:

FirstName,LastName
John,Doe
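
The user-creation script above gives every account the same known password and enables it immediately. The following added example (not part of the original scripts) shows the password step with a random per-user value and a forced change at first logon, using the same OU and CSV layout; `New-InitialPassword` and `initial-passwords.csv` are hypothetical names, and it assumes both name columns are filled in.

```powershell
# Added example: per-user random initial password, change forced at first logon.
# New-InitialPassword and initial-passwords.csv are hypothetical names.
function New-InitialPassword([int]$Length = 16) {
    # No look-alike characters (0/O, 1/l/I) so the value can be read out loud
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-=?@'
    $rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $buf = New-Object byte[] 4
    do {
        $chars = for ($i = 0; $i -lt $Length; $i++) {
            $rng.GetBytes($buf)   # cryptographic RNG rather than Get-Random
            $alphabet[[int]([BitConverter]::ToUInt32($buf, 0) % $alphabet.Length)]
        }
        $pw = -join $chars
        # Retry until upper, lower, digit and symbol are all present
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and
             $pw -cmatch '[0-9]' -and $pw -cmatch '[!#%+\-=?@]')
    return $pw
}

$objOU = [ADSI]"LDAP://OU=ClientUsers,DC=contoso,DC=local"

$issued = foreach ($dataRecord in Import-Csv "users.csv") {
    $sam = ($dataRecord.FirstName + "." + $dataRecord.LastName).ToLower()
    $cn  = $dataRecord.FirstName + " " + $dataRecord.LastName

    $objUser = $objOU.Create('user', 'CN=' + $cn)
    $objUser.Put("sAMAccountName", $sam)
    $objUser.SetInfo()                  # object must exist before SetPassword

    $pw = New-InitialPassword
    $objUser.SetPassword($pw)
    $objUser.Put("pwdLastSet", 0)       # 0 = user must change password at next logon
    $objUser.psbase.InvokeSet("AccountDisabled", $false)
    $objUser.SetInfo()

    # Emit one record per user for the hand-over list
    New-Object PSObject -Property @{ sAMAccountName = $sam; InitialPassword = $pw }
}

# This file holds plaintext secrets: keep it in an admin-only folder,
# hand the passwords over out of band, then delete it.
$issued | Export-Csv "initial-passwords.csv" -NoTypeInformation
```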

 

Also, to set permissions the following might work, I’ve already forgotten. Anyways, it might almost work with some modifications.

#Script to give full control NTFS permissions on a directory to the domain user with the same name as that directory

#Script settings
$domain = "contoso.local"
$root = "d:\data\users\"

#Don't edit below here
#Only directories; each one is named after its user
$folders = Get-ChildItem $root | Where-Object { $_.PSIsContainer }

ForEach ($folder in $folders)
{
    #Account name is domain\foldername
    $username = $domain + "\" + $folder.Name

    #Use the full path so the script works from any current directory
    $permissions = Get-Acl $folder.FullName

    #Allow rule inherited by subfolders and files
    $userpermissions = New-Object System.Security.AccessControl.FileSystemAccessRule($username, "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
    $permissions.AddAccessRule($userpermissions)

    Set-Acl $folder.FullName $permissions

    Write-Host "Set permissions on $($folder.FullName) for $username"
}

I don’t take credit for creating the scripts from scratch. I found them on the net, but was in a rush at the time so I didn’t note the address. They weren’t perfect to begin with, but I’ve modified them so they work for my purposes.

Next step would be to add them to groups automatically, but this step is fairly painless in the GUI so we’ll hold off on that for the time being.

Tuesday, June 26, 2012

RDS–Disable Office update settings

When users start Office for the first time, it’s nice not to have to specify how updates should be installed.

Especially on a Remote Desktop Server, where the users don’t have the permissions for it anyway.

To get rid of it:

1. Download Office 2010 Administrative Templates

2. Create new GPO>Add Template for Office 2010

3. In Microsoft Office 2010 > Privacy > Trust Center, enable "Disable Opt-in Wizard on first run"

4. Apply GPO to the user OU.

References:

http://www.microsoft.com/en-us/download/details.aspx?id=18968

Monday, June 11, 2012

IE9 + Outlook 2003 = preview.js

The problem started when installing IE9 on a Remote Desktop Server running Server 2008 with Outlook 2003 installed. 2003 you say? Yes, it’s a customer license and they don’t want to upgrade.

Symptoms: Script error displayed when trying to print an email

Solution 1:

HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Printing
Create a DWORD and name it "Force RTF Printing" (without the ") and give it the value 1 (hex).

This has to be done for all users, which isn’t optimal.

Solution 2:

Create a Fonts folder in %homedrive%\%homepath%\. In this case h:\Windows\Fonts

This solution seemed easier to automate, so I went with this.

Rolled out via GPO Preference for this particular RDServer.

Don’t forget checkbox for “Run in logged-on users sec….”.

References:

http://blogs.technet.com/b/mrsnrub/archive/2011/11/03/script-error-res-ieframe-dll-preview-js-trying-to-print-from-outlook-2003-in-a-rs-rds-session-with-ie9-installed.aspx

http://support.microsoft.com/kb/2647169

http://www.slipstick.com/outlook/2003/print-errors-in-outlook-2003-with-ie9-installed/