Create folder for each AD user
[UPDATED] Oops, I've modified the link to the script as it was not working…
What I've been facing lately is creating folders on a Microsoft file server for every user listed in a specific OU in Active Directory.
To create these “home directories” with as little pain as possible, I've chosen to do it using a script.
The script can be found here
More details there
Follow up:
1/ Get the list of AD user in a OU
Define an object that will be used to get the root of the AD domain:
Set objRootDSE = getobject("LDAP://RootDSE")
strRoot = objRootDSE.Get("DefaultNamingContext")
Define the OU name you want to get a list of users from. This definition can be empty. If not, it must end with a comma:
strOU = "ou=my_OU,"
Define a filter to get only the requested objects. Here only users will be listed:
strfilter = "(&(objectCategory=Person)(objectClass=User))"
As the folder name will be the user's login, only the login will be fetched:
strAttributes = "sAMAccountName,"
All OU child entries will be checked:
strScope = "subtree"
Prepare the connection
set cn = createobject("ADODB.Connection")
set cmd = createobject("ADODB.Command")
cn.open "Provider=ADsDSOObject;"
cmd.ActiveConnection = cn
Define the LDAP query: user logins from the OU and its sub-OUs will be fetched
cmd.commandtext = "<LDAP://" & strOU & strRoot & ">;" & strFilter & ";" & _
strAttributes & ";" & strScope
Execute the query
set rs = cmd.execute
2/ Work with the record set to create directories:
Define a filesystem object to handle directories:
Set objFSO = CreateObject("Scripting.FileSystemObject")
Start with the first element of the result set:
rs.MoveFirst
A loop goes through the result set. To make it “admin friendly”, a few messages are displayed.
A test checks whether the folder already exists or not.
Do Until rs.EOF
' Get the user login
userLogin = rs.Fields(0).Value
Wscript.Echo userLogin & " :"
' Test if the user home directory exists or not
If objFSO.FolderExists("\\fileserver\UserDir$\" & userLogin) Then
' Don't do anything but display a message if the folder already exists.
Wscript.Echo "Folder \\fileserver\UserDir$\" & userLogin & " already exists."
If the folder does not exist, it is created, with inheritance of permissions from the root directory.
Else
' Create the directory and set the permissions using XCACLS.vbs MS script.
Wscript.Echo "Creating folder: " & "\\fileserver\UserDir$\" & userLogin
Set objFolder = objFSO.CreateFolder("\\fileserver\UserDir$\" & userLogin)
Set WshShell = WScript.CreateObject("WScript.Shell")
The permissions are then changed to grant the user full access to his own directory. This is done using the XCACLS.vbs script from Microsoft.
Wscript.Echo "Setting permissions on folder: " & "\\fileserver\UserDir$\" & userLogin
WshShell.Run "cscript G:\Scripts\XCACLS.vbs \\fileserver\UserDir$\" & _
userLogin & " /I COPY /R DOMAINNAME\USERGROUP /G DOMAINNAME\" & _
userLogin & ":F /O DOMAINNAME\" & userLogin
In my case, the inherited permissions granted access to a user group (DOMAIN\USERGROUP) that is to be revoked. Then the ownership of the created directory is set to the user, and the user is given full access to his directory.
Last (and even least?), destroy any variables that are no longer used and end the loop!
Set WshShell = Nothing
Set objFolder = Nothing
End If
rs.MoveNext
Loop
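As an added example (not the post's script), here is the same procedure written in PowerShell with the RSAT ActiveDirectory module. It keeps the post's share path, uses placeholder names for the OU, domain and group, maps the XCACLS switches (/I COPY, /R, /G, /O) onto .NET ACL calls, and adds a check on the login value before it is used to build a path.

```powershell
# Added example, not the original post's VBScript. Assumes the ActiveDirectory module;
# the OU, domain and group names below are placeholders to adapt.
Import-Module ActiveDirectory

$searchBase  = 'OU=my_OU,DC=example,DC=com'   # placeholder OU (subtree is searched)
$shareRoot   = '\\fileserver\UserDir$'        # share root from the post
$domain      = 'DOMAINNAME'                   # placeholder NetBIOS domain name
$groupToDrop = "$domain\USERGROUP"            # inherited ACE to revoke (XCACLS /R)

$users = Get-ADUser -Filter '*' -SearchBase $searchBase -SearchScope Subtree

foreach ($u in $users) {
    $login = $u.sAMAccountName
    # Defensive check (not in the original): a login with path separators or ".."
    # must never be concatenated into a folder path under the share root.
    if ($login -match '[\\/:*?"<>|]' -or $login -match '\.\.') {
        Write-Warning "Skipping login '$login': unsafe for a folder name"
        continue
    }
    $path = Join-Path $shareRoot $login
    if (Test-Path -LiteralPath $path) {
        Write-Host "Folder $path already exists."
        continue
    }
    Write-Host "Creating folder: $path"
    $null = New-Item -ItemType Directory -Path $path

    # XCACLS /I COPY: stop inheriting, keep the inherited ACEs as explicit ones.
    $acl = Get-Acl -LiteralPath $path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -LiteralPath $path -AclObject $acl

    # Re-read so the copied ACEs are now explicit and can be removed.
    $acl = Get-Acl -LiteralPath $path
    # XCACLS /R DOMAINNAME\USERGROUP: revoke the broad group access copied from the root.
    $acl.PurgeAccessRules([System.Security.Principal.NTAccount]$groupToDrop)
    # XCACLS /G DOMAINNAME\user:F: full control for the user, inherited by subfolders/files.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        "$domain\$login", 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    # XCACLS /O DOMAINNAME\user: make the user the owner of the folder.
    $acl.SetOwner([System.Security.Principal.NTAccount]"$domain\$login")
    Set-Acl -LiteralPath $path -AclObject $acl
    Write-Host "Permissions set on folder: $path"
}
```

Run it as an account that is an administrator on the file server, since assigning ownership to another user requires the restore privilege.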
Enjoy!
2 comments
looks very interesting!
bookmarked your blog.
good luck!
john brightman
USERS->DOMAIN 1 & USERS->DOMAIN 2
How can we separate it to drop their folders in those locales respectively?
Cheers,
Steve