src/CreateHomeDrives.ps1

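function New-SkolniLoginHomeDrive {
    <#
    .SYNOPSIS
        Creates a home directory for an AD user and records it in the user's
        HomeDirectory / HomeDrive attributes.

    .DESCRIPTION
        The target path is built from -Path by substituting the placeholders
        {username} (the account's sAMAccountName) and {strippedUpn} (the part of
        the UserPrincipalName before the "@").

        If the directory does not exist it is created, the user is made its owner
        and is granted an inheritable FullControl allow rule. If the directory
        already exists, only the AD attributes are written; the existing
        directory's owner and ACL are neither inspected nor changed.

    .PARAMETER User
        Object exposing a sAMAccountName property; accepted from the pipeline.

    .PARAMETER Path
        Path template, may contain {username} and/or {strippedUpn}.

    .PARAMETER Letter
        Value written to the HomeDrive attribute.

    .PARAMETER Force
        When $false (default), users that already have HomeDirectory set are skipped.
    #>
    [CmdletBinding()]
    param (
        [Parameter(ValueFromPipeline, Mandatory = $true)]
        $User,
        [Parameter(Mandatory = $true)]
        [string]$Path,
        [Parameter(Mandatory = $true)]
        [string]$Letter,
        [bool]$Force = $false
    )
    process {
        Write-Debug "Creating homedrive for $($User.sAMAccountName)"

        $adUser = Get-ADUser $User.SamAccountName -Properties "HomeDirectory", "HomeDrive"

        # Apply both placeholders to the same string. The previous code restarted
        # from $Path for the second substitution, which discarded the {username}
        # replacement and left the literal placeholder in the resulting path.
        $UserPath = $Path.Replace("{username}", $adUser.sAMAccountName)
        if ($adUser.UserPrincipalName) {
            $strippedUpn = $adUser.UserPrincipalName.Split("@")[0]
            $UserPath = $UserPath.Replace("{strippedUpn}", $strippedUpn)
        }
        # NOTE(review): the substituted values come straight from directory
        # attributes and are not checked for path separators or ".." here;
        # confirm the UPN prefix cannot carry such characters in this domain.

        if ($adUser.HomeDirectory -and $Force -eq $false) {
            Write-Host "User $($User.sAMAccountName) has homedrive set already. Skipping..."
            return
        }

        $directory = Get-Item -Path $UserPath -ErrorAction SilentlyContinue
        if ($directory) {
            # NOTE(review): an already-existing folder is adopted as-is. Its owner
            # and ACL were set by whoever created it, so a folder pre-created by
            # another principal would become this user's home directory with that
            # principal's permissions intact. Consider verifying owner/ACL first.
            Write-Host "Directory $UserPath already exists, only adding it to the user's profile."

            # Update when EITHER attribute is wrong; requiring both to differ left
            # a half-configured user (e.g. right letter, stale path) untouched.
            if ($adUser.HomeDrive -ne $Letter -or $adUser.HomeDirectory -ne $UserPath) {
                Set-ADUser -Identity $User.sAMAccountName -Replace @{HomeDirectory = $UserPath; HomeDrive = $Letter}
            }
            else {
                Write-Debug "User already has correct attributes set. Skipping..."
            }
            return
        }

        # Stop for this user if the folder cannot be created, so that AD is never
        # pointed at a path that does not exist. `return` only ends the current
        # pipeline item; remaining users are still processed.
        try {
            New-Item -ItemType Directory -Path $UserPath -ErrorAction Stop
        }
        catch {
            Write-Error "Could not create home directory $UserPath for $($User.sAMAccountName): $($_.Exception.Message)"
            return
        }

        $Domain = Get-ADDomain

        $UsersAm = "$($Domain.NetBIOSName)\$($User.sAMAccountName)"
        # NOTE(review): FullControl plus ownership lets the user rewrite the
        # folder's permissions. If users should not be able to re-permission their
        # home folder, Modify without ownership is the narrower grant.
        $FileSystemAccessRights = [System.Security.AccessControl.FileSystemRights]::FullControl
        $InheritanceFlags = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor
            [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
        $PropagationFlags = [System.Security.AccessControl.PropagationFlags]::None
        $AccessControl = [System.Security.AccessControl.AccessControlType]::Allow
        $NewAccessrule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        ($UsersAm, $FileSystemAccessRights, $InheritanceFlags, $PropagationFlags, $AccessControl)

        # The rule is added to the ACL the new folder already has; inheritance from
        # the parent is not disabled here, so who else can read the folder is
        # decided by the parent directory's permissions.
        $currentACL = Get-ACL -path $UserPath
        $currentACL.SetOwner((New-Object System.Security.Principal.NTAccount($UsersAm)))
        $currentACL.AddAccessRule($NewAccessrule)
        Set-ACL -Path $UserPath -AclObject $currentACL

        Set-ADUser -Identity $User.sAMAccountName -Replace @{HomeDirectory = $UserPath; HomeDrive = $Letter}
    }
}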