src/Public/Repair-HomeAndProfilePermissions.ps1
|
#TODO Optional additional groups, e.g. adding staff group to student home folders #TODO Merge the home and profile repairs into a single repair-folderpermissions #TODO separate out the take ownership into a separate function. Need to look into whether this needs to be recursed so as not to break the inheritence settings #TODO separate out the adding of permissions into a separate function. This may also need to be recursed. #TODO Call the smaller functions directly from the main function and do away with the repair-folderpermissions altogether function Repair-HomeAndProfilePermissions { [CmdletBinding(DefaultParameterSetName = 'OU')] param ( [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 0, ParameterSetName = 'OU')] [ValidateScript({ if ([string]::IsNullOrWhiteSpace($_)) { throw "OU cannot be blank." } elseif ($_ -match '^(OU=[\w\s]+)(,OU=[\w\s]+)*(,DC=[\w\s]+)+$') { $true } else { throw "OU format is invalid. Please use Distinguished Name format (OU=abc,DC=def)." } })] [string]$OU, [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 0, ParameterSetName = 'Username')] [ValidateScript({ if ($_ -is [array] -and $_.Count -eq 0) { throw "Username cannot be blank." } elseif ($_ -is [string] -and [string]::IsNullOrWhiteSpace($_)) { throw "Username cannot be blank." } else { $true } })] [string[]]$Username, [Parameter()] [string]$HomePathTrim, [Parameter()] [switch]$RepairHome = $false, [Parameter()] [switch]$RepairProfile = $false ) begin { # Check for ActiveDirectory module if (-not (Get-Module -Name ActiveDirectory -ListAvailable)) { throw "ActiveDirectory module is not available." } if (-not $RepairHome -and -not $RepairProfile) { throw "You must specify at least one of the following switches: -RepairHome, -RepairProfile" } $script:Domain = (Get-ADDomain).distinguishedname $OU = "OU=Users,OU=cablers,$Domain" #All Users $HomePathTrim = "" # Use this if you need to trim part of the home path to get the whole folder, e.g. for "\\DC-SVR2\Home$\Username\My Documents" enter "\My Documents" here } process { # Populate user list with if ($OU) { $Users = Get-ADUser -Filter * -Properties SamAccountName, homedirectory, profilepath -SearchBase $OU -SearchScope Subtree } else { $Users = Get-ADUser $Username -Properties SamAccountName, homedirectory, profilepath } $totalUsers = $Users.Count $currentUserIndex = 0 foreach ($User in $Users) { $currentUserIndex++ $percentComplete = ($currentUserIndex / $totalUsers) * 100 Write-Progress -Activity "Repairing Home and Profile Permissions" -Status "Processing $($User.SamAccountName)" -PercentComplete $percentComplete Write-Host "Processing $($User.SamAccountName) - Home: $($User.homedirectory) - Profile: $($User.profilepath)" if ($RepairHome) { if ($null -eq $User.homedirectory) { Write-Host "No home directory set for user $user" -ForegroundColor Gray } else { Repair-HomeFolderPermissions -HomeFolder $User.homedirectory.replace($HomePathTrim, "") -Username $User.SamAccountName } } if ($RepairProfile) { if ($null -eq $User.profilepath) { Write-Host "No profile path set for user $user" -ForegroundColor Gray } else { Repair-ProfileFolderPermissions -ProfilePath "$($User.profilepath).V6" -Username $User.SamAccountName } } } Write-Progress -Activity "Repairing Home and Profile Permissions" -Completed } end { } } |