Author Posts

January 1, 2012 at 12:00 am

by MattNZ at 2012-11-02 15:55:11

Hi all,

Being totally new to powershell, Id like import my users avoiding the limited GUI tools. Ive put together 3 scripts that appear to work, id just like to combine them.
So far I've managed to:

#Import Users from CSV
Import-csv c:\new2013.csv | ForEach-Object {New-ADUser
-SamAccountName $_.SamAccountName
-Name $_.Name
-GivenName $_.FirstName
-Surname $_.Surname -Description $_.Description
-DisplayName $_.DisplayName
-HomeDirectory $_.HomeDirectory
-HomeDrive $_.HomeDrive
-AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force)
-ChangePasswordAtLogon $True
-Enabled $True
-EmailAddress $_.EmailAddress
-UserPrincipalName $_.EmailAddress}

Create a folder on the home share: (using the CSV again):
Import-csv c:\new2013.csv | ForEach-Object {New-Item -ItemType Directory -Path \\file\home$ -name $_.SamAccountName}
And then change the ACL's to suit (thanks to this link for this)
Import-csv c:\new2013.csv | ForEach-Object {
$user = $_.SamAccountName
$acl = get-acl \\file\home$\$user
$acl.SetAccessRuleProtection($True, $False)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Staff","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$user","Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl \\file\home$\$user $acl}

If there is a nice way to combine all this into one import id like to know how. 🙂

by coderaven at 2012-11-02 20:53:14

from what you have just keep with it in your foreach-object loop like so

Import-csv c:\new2013.csv | ForEach-Object {
#Creating user
New-ADUser
-SamAccountName $_.SamAccountName
-Name $_.Name
-GivenName $_.FirstName
-Surname $_.Surname -Description $_.Description
-DisplayName $_.DisplayName
-HomeDirectory $_.HomeDirectory
-HomeDrive $_.HomeDrive
-AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force)
-ChangePasswordAtLogon $True
-Enabled $True
-EmailAddress $_.EmailAddress
-UserPrincipalName $_.EmailAddress}

#Creating User Home Drive Folder
New-Item -ItemType Directory -Path \\file\home$ -name $_.SamAccountName

#Setting Permission on new Home drive folder
$user = $_.SamAccountName
$acl = get-acl \\file\home$\$user
$acl.SetAccessRuleProtection($True, $False)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Staff","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$user","Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl \\file\home$\$user $acl
}

by MattNZ at 2012-11-02 22:52:13

Hi coderaven,
Ok ill give that a go... pretty easy huh – I thought I had tried that while experimenting but probably messed up the curly brackets or something.
Will let you know when I try back at work.

Cheers.