Set Owner by Folder Name Recursivly Powershell

Question

I have a persmissions problem, on our Fileserver, where the NTFS Owner was not copied correctly, these are Citrix UPM Profiles, I found a script, for this but it does not work recursivly:

 $Path = "\\fs01\profiles$\" cls $Log = "C:\setowner.log" Add-Content -Value "$(Get-Date): Script begins" -Path $Log Add-Content -Value "$(Get-Date): Processing folder: $Path" -Path $Log $Dirs = Get-ChildItem -Path "$Path\*" -recurse | Where { $_.PSisContainer } $UserError = @() ForEach ($Dir in $Dirs) { $User = Split-Path $Dir.Fullname -Leaf Try { Add-Content -Value "$(Get-Date): Testing $($User): $($Dir.Fullname)" -Path $Log $Test = Get-ADUser $User -ErrorAction Stop $ACL = Get-Acl $Dir -ErrorAction Stop #Set owner to user $ACL.SetOwner([System.Security.Principal.NTAccount]$User) Set-Acl -path $Dir -AclObject $ACL -ErrorAction Stop Add-Content -Value "$(Get-Date): Owner $User set successfully" -Path $Log } Catch { Add-Content -Value "$(Get-Date): Unable to process $($Dir.Fullname) because $($Error[0])" -Path $Log } } Add-Content -Value "$(Get-Date): Script completed" -Path $Log 

I set the "-recurse in Line 9, but of course this does not work, as the script will try to set the owner to the deepest folder, for example: \fs01\profiles$\username\citrix\folderxyz -> The Script will try to set the owner to "folderxyz" but it should set it to "username".

It should be in Lines 12-14:

{ $User = Split-Path $Dir.Fullname -Leaf Try { Add-Content -Value "$(Get-Date): Testing $($User): $($Dir.Fullname)" -Path $Log 

I do not know, how I could accomplish my goal, and I didnt find anything about this... I hope someone can help... Thank you!

Answer 1

I found a solution for my problem, not really any automation, but it worked...

I used the Software Set-ACL Studio, I could see the owner of the folder with one click and reset the owner for all child items, this worked perfectly, of course it was a lot of clicking around, and took me about ~30 Minutes, but the problem is solved now...

Download Set-Acl Studio: https://helgeklein.com/download/

Documentation Set-Acl Studio: https://helgeklein.com/setacl-studio/

Thank you!

Answer 2

Why do you get the ADUser and don't use it?

You'll need an enclosing forEach iteratng the the profile folders.

Untested:

$Path = "\\fs01\profiles$\" $Log = "C:\setowner.log" Add-Content -Value "$(Get-Date): Script begins" -Path $Log Add-Content -Value "$(Get-Date): Processing folder: $Path" -Path $Log ForEach ($UserProfile in (Get-ChildItem -Path "$Path\*"|Where {$_.PSisContainer })){ $ADUser = Get-ADUser $UserProfile.Name -ErrorAction Stop ForEach ($Dir in (Get-ChildItem -Path $USerProfile.FullName -recurse|Where {$_.PSisContainer})) { Try { Add-Content -Value "$(Get-Date): Testing $($User): $($Dir.Fullname)" -Path $Log $ACL = Get-Acl $Dir -ErrorAction Stop #Set owner to user $ACL.SetOwner([System.Security.Principal.NTAccount]$ADUser) Set-Acl -path $Dir -AclObject $ACL -ErrorAction Stop Add-Content -Value "$(Get-Date): Owner $User set successfully" -Path $Log } catch { Add-Content -Value "$(Get-Date): Unable to process $($Dir.Fullname) because $($Error[0])" -Path $Log } } } Add-Content -Value "$(Get-Date): Script completed" -Path $Log 

You may need to add another try catch for getting the ADUser.