Some useful scripts for AD deployment in Server 2008 R2 with PowerShell.
To create home folders:
$dataSource=import-csv "users.csv"
Set-Location "d:\data\users"
#one folder per CSV row, named FirstName.LastName
foreach($dataRecord in $datasource) {
    $name=$dataRecord.FirstName + "." + $dataRecord.LastName
    New-Item $name -type directory
}
To create the users:
#Change here to correspond to your domain environment
$objOU=[ADSI]"LDAP://OU=ClientUsers,DC=contoso,DC=local"
#Set homedir if needed, remove if you don't
$homedrive="h:"
$homedir="\\fileserver\users\"
$dataSource=import-csv "users.csv"
foreach($dataRecord in $datasource) {
    $cn=$dataRecord.FirstName + " " + $dataRecord.LastName
    #check if lastname is empty.
    if (!$dataRecord.LastName) {
        $dataRecord.LastName=" "
        $sAMAccountName=$dataRecord.FirstName
    }
    else {
        $sAMAccountName=$dataRecord.FirstName + "." + $dataRecord.LastName
    }
    $givenName=$dataRecord.FirstName
    write-host "Creating user :"$sAMAccountName
    $sn=$dataRecord.LastName
    $sAMAccountName=$sAMAccountName.ToLower()
    $displayName=$sn + " " + $givenName
    $homediruser=$homedir+""+$sAMAccountName
    #the UPN suffix is hard-coded here; change it to match your domain as well
    $userPrincipalName=$sAMAccountName + "@sb.local"
    $objUser=$objOU.Create('user','CN='+$cn)
    $objUser.Put("sAMAccountName",$sAMAccountName)
    $objUser.Put("userPrincipalName",$userPrincipalName)
    $objUser.Put("displayName",$displayName)
    $objUser.Put("givenName",$givenName)
    $objUser.Put("sn",$sn)
    #remove below if homedrive isn't used.
    $objUser.Put("HomeDrive",$homedrive)
    $objUser.Put("HomeDirectory",$homediruser)
    #the object must exist in AD (first SetInfo) before a password can be set
    $objUser.SetInfo()
    #every account gets this same initial password and is enabled right away;
    #nothing in this script forces a change at first logon
    $objUser.SetPassword("P@ssw0rd")
    $objUser.psbase.InvokeSet("AccountDisabled",$false)
    $objUser.SetInfo()
    write-host "User :"$sAMAccountName" created"
}
write-host "Users created"
The above script imports users from a CSV file that looks like this:
FirstName,LastName
John,Doe
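The user-creation script above gives every account the same initial password and enables it straight away. The variant below is an added example, not part of the original scripts: it keeps the same ADSI calls but issues a random initial password per account and sets pwdLastSet to 0 so the user has to change it at first logon. New-InitialPassword and initial-passwords.csv are hypothetical names, and only sAMAccountName is set to keep it short.

```powershell
# Added example, not from the original scripts. New-InitialPassword and
# initial-passwords.csv are hypothetical names chosen for illustration.
function New-InitialPassword([int]$Length = 16) {
    # Look-alike characters (0/O, 1/l/I) are left out of the alphabet
    $all   = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-=?@'
    $rng   = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $buf   = New-Object byte[] 1
    # Rejection sampling: bytes at or above $limit would bias the modulo
    $limit = 256 - (256 % $all.Length)
    do {
        $chars = New-Object System.Text.StringBuilder
        while ($chars.Length -lt $Length) {
            $rng.GetBytes($buf)
            if ($buf[0] -lt $limit) { [void]$chars.Append($all[$buf[0] % $all.Length]) }
        }
        $pw = $chars.ToString()
        # Retry until upper, lower, digit and symbol are all present
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and
             $pw -match '\d' -and $pw -match '[^A-Za-z0-9]')
    return $pw
}

$objOU  = [ADSI]"LDAP://OU=ClientUsers,DC=contoso,DC=local"
$issued = @()
foreach ($dataRecord in (Import-Csv "users.csv")) {
    # TrimEnd/Trim cover the empty-LastName case the original script checks for
    $sam = ($dataRecord.FirstName + "." + $dataRecord.LastName).TrimEnd('.').ToLower()
    $cn  = ($dataRecord.FirstName + " " + $dataRecord.LastName).Trim()
    $objUser = $objOU.Create('user', 'CN=' + $cn)
    $objUser.Put("sAMAccountName", $sam)
    $objUser.SetInfo()
    $pw = New-InitialPassword
    $objUser.SetPassword($pw)
    $objUser.Put("pwdLastSet", 0)   # 0 = must change password at next logon
    $objUser.psbase.InvokeSet("AccountDisabled", $false)
    $objUser.SetInfo()
    $issued += New-Object PSObject -Property @{ sAMAccountName = $sam; InitialPassword = $pw }
}
# Plaintext credentials: keep the file out of shared folders, delete after handover
$issued | Export-Csv "initial-passwords.csv" -NoTypeInformation
```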
Also, to set permissions the following might work; I've already forgotten. Anyway, it might almost work with some modifications.
#script to give full control NTFS permissions on a directory to the domain user with the same name of that directory
#script settings
$domain = "contoso.local"
$root = "d:\data\users\"
#don't edit below here
#only directories; a stray file in $root would otherwise be treated as a user
$folders = Get-ChildItem $root | Where-Object { $_.PSIsContainer }
ForEach ($folder in $folders)
{
    $username = $domain+"\"+$folder.Name
    #use the full path so the script does not depend on the current location
    $permissions = Get-Acl $folder.FullName
    $userpermissions = New-Object System.Security.AccessControl.FileSystemAccessRule($username,"FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
    $permissions.AddAccessRule($userpermissions)
    Set-Acl $folder.FullName $permissions
    Write-Host "Set permissions on $($folder.Name) for $username"
}
I don't take credit for creating the scripts from scratch. I found them on the net, but was in a rush at the time so I didn't note the address. They weren't perfect to begin with, but I've modified them so they work for my purposes.
The next step would be to add them to groups automatically, but this step is fairly painless in the GUI so we'll hold off on that for the time being.