So, I'm taking the dive into PowerShell. I've been tasked with redoing permissions on every home folder in the domain (they do not all fall under the same sub-directory - that would be too easy). I have a batch script written that takes two parameters: user name, and home folder path and pumps them through SetACL.

I want to use PowerShell to get the user names and home folders for every user in an OU. So far, I can get the user names, but I cannot figure out how to get the home directories.

This is my PowerShell so far (borrowed from various sources across the web):

```powershell
$Dom = "LDAP://OU=Accounts,DC=myDomain,DC=local"
$Root = New-Object DirectoryServices.DirectoryEntry $Dom

# Create a selector and start searching from the Root of AD
$selector = New-Object DirectoryServices.DirectorySearcher
$selector.SearchRoot = $root
$Selector.pagesize = 20000

# Basically this will only grab user accounts and not computer accounts.
$adobj = $selector.findall() | where { $_.properties.objectcategory -match "CN=Person*" }
foreach ($person in $adobj) {
    $prop = $person.properties
    Write-host "$($prop.cn)"
}
```

I'm eventually going to pipe the Write-host line into the setACL batch file, but I'm just writing the output for now to make sure that it's accurate. I've tried adding `$($prop.homeDirectory)` to the Write-host line with no luck.

Any pointers or suggestions?

3 Answers

Microsoft has updated their Active Directory PowerShell module and it is included with RSAT. Should you not want to use a third-party's modules, the following lists the sAMAccountName and homeDirectory attributes for all users in the "JustAnOrgUnit" OU -- pretty much the same as @nimizen's answer, just without the Quest requirement.

```powershell
Import-Module ActiveDirectory
Get-ADUser -SearchBase "OU=JustAnOrgUnit,DC=example,DC=com" -Filter * -Property * |
    Select-Object -Property sAMAccountName,homeDirectory |
    Export-CSV -Path C:\somefile.csv
```
  • I'm a big fan of native tools over 3rd party tools whenever possible. Commented Jun 3, 2011 at 18:18

Use Quest's AD cmdlets, they're free and really simplify this sort of thing.

You can get them from http://www.quest.com/powershell/activeroles-server.aspx

Once you have those loaded, try the following script but also have a read around the Get-QADUser cmdlet.

```powershell
$csvfile = "C:\somefile.csv"
$root = "OU=Accounts,DC=myDomain,DC=local"
get-qaduser -SearchRoot $root `
    -ObjectAttributes @{homeDirectory='*'} -IncludeAllProperties | `
    Select-Object LogonName,HomeDirectory | `
    Export-Csv $csvfile
```
  • +1, this seems to be working well. I'm going to run it against the 20k object OU that I want with the -SizeLimit set to 0 and see what I get. I'd still like to know what I was doing wrong above though, any idea? Commented Sep 4, 2010 at 1:43
  • No need to use -IncludeAllProperties, HomeDirectory is returned in the default output of Get-QADUser. You also need to specify '-SizeLimit 0' to be able to bypass the default 1000 objects limitation. `Get-QADUser -SizeLimit 0 -SearchRoot "OU=Accounts,DC=myDomain,DC=local" -HomeDirectory * | Select-Object LogonName,HomeDirectory | Export-Csv C:\somefile.csv` Mark, add these lines to your script: `$selector.Filter = "(&(objectclass=user)(objectcategory=person)(HomeDirectory=*))"` `$selector.findall() | foreach {$_.properties.homedirectory}` Commented Sep 4, 2010 at 20:17
Here is how to update it on each homeDirectory without using multiple tools, and run through each account one-by-one from an OrgUnit and recursively go through each subOU too.

```powershell
# source ACL required
$NewAcl = Get-Acl -Path "C:\directory\as\template"

# load active directory powershell module (requires RSAT installed)
Import-Module -Name ActiveDirectory -Force

# get all AD Users in OU from example, then set new Acl from source directory on their home directory paths
Get-ADuser -Filter * -SearchBase "OU=Accounts,DC=myDomain,DC=local" -Properties homeDirectory | ForEach-Object {
    $homedir = $_.'homeDirectory'
    try {
        # set acl settings
        Set-Acl -Path $homedir -AclObject $NewAcl -Confirm:$false -ErrorAction Stop
        # write output to console if successful
        Write-Output "Successfully updated ACL settings for ${homedir}"
    }
    catch {
        Write-Output "Unable to update ACL settings on ${homedir}"
    }
}
```
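
A template ACL copied with Set-Acl puts the same entries on every folder, so it cannot grant each user access to only their own home directory. The following is an added example, not code from the question or any answer: it builds a per-user ACL from each account's SID, checks the homeDirectory value before acting on it, and supports -WhatIf. The function name, the -AllowedRoots parameter, the sample share root and the choice of grants (Administrators and SYSTEM FullControl, the user Modify) are assumptions.

```powershell
# Added example; Set-HomeFolderAcl, -AllowedRoots and the share root below are assumed names.
Import-Module ActiveDirectory
function Set-HomeFolderAcl {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] [string]   $SearchBase,
        [Parameter(Mandatory = $true)] [string[]] $AllowedRoots   # expected share roots, each ending in '\'
    )
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $noProp  = [System.Security.AccessControl.PropagationFlags]::None
    $allow   = [System.Security.AccessControl.AccessControlType]::Allow
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $admins  = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'   # BUILTIN\Administrators
    $system  = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'       # NT AUTHORITY\SYSTEM

    Get-ADUser -SearchBase $SearchBase -LDAPFilter '(homeDirectory=*)' -Properties homeDirectory |
        ForEach-Object {
            $user = $_
            $path = $user.homeDirectory.TrimEnd('\') + '\'
            # homeDirectory is directory data: accept only folders strictly below an expected root
            $root = $AllowedRoots | Where-Object {
                $path.Length -gt $_.Length -and $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
            }
            if (-not $root -or $path.Contains('\..\') -or -not (Test-Path -LiteralPath $path -PathType Container)) {
                Write-Warning "Skipping $($user.SamAccountName): unexpected or missing path '$path'"
                return   # inside ForEach-Object this moves on to the next user
            }
            $acl = Get-Acl -LiteralPath $path
            $acl.SetAccessRuleProtection($true, $false)   # block inheritance, discard inherited ACEs
            foreach ($old in @($acl.GetAccessRules($true, $false, $sidType))) {
                $acl.PurgeAccessRules($old.IdentityReference)   # drop explicit ACEs so stale grants do not survive
            }
            $grants = @(
                @{ Sid = $admins;   Rights = 'FullControl' },
                @{ Sid = $system;   Rights = 'FullControl' },
                @{ Sid = $user.SID; Rights = 'Modify' }   # only this user's own SID
            )
            foreach ($g in $grants) {
                $rights = [System.Security.AccessControl.FileSystemRights]$g.Rights
                $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($g.Sid, $rights, $inherit, $noProp, $allow)
                $acl.AddAccessRule($rule)
            }
            if ($PSCmdlet.ShouldProcess($path, "Replace ACL for $($user.SamAccountName)")) {
                Set-Acl -LiteralPath $path -AclObject $acl
            }
        }
}
# Dry run: -WhatIf reports each folder that would change without writing any ACL
Set-HomeFolderAcl -SearchBase 'OU=Accounts,DC=myDomain,DC=local' -AllowedRoots '\\fs01.example\home$\' -WhatIf
```

Review the warnings from the dry run before removing -WhatIf; a skipped account usually means a homeDirectory value that points somewhere other than the file shares you listed.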
