Comments on: Creating a User Account in Active Directory with PowerShell http://www.leadfollowmove.com/archives/powershell/creating-a-user-account-in-active-directory-with-powershell Adam Bell on Deployment, Automation, PowerShell et al Thu, 25 Feb 2010 23:14:19 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: AdamBell http://www.leadfollowmove.com/archives/powershell/creating-a-user-account-in-active-directory-with-powershell/comment-page-1#comment-249 AdamBell Tue, 17 Jul 2007 13:17:46 +0000 http://www.leadfollowmove.com/?p=44#comment-249 Hi Briano, Nice way of doing it. I wrote a function (see sample code page) that does the same thing, but isn't as elegant. It was something I wrote early on playing with PoSH, and so is VBScript centric. I like your PoSH way much better. Time to ferret out the library file and update it ;) Thanks for the comment. Cheers Adam Hi Briano,

Nice way of doing it. I wrote a function (see sample code page) that does the same thing, but isn’t as elegant.

It was something I wrote early on playing with PoSH, and so is VBScript centric. I like your PoSH way much better.

Time to ferret out the library file and update it ;)

Thanks for the comment.

Cheers

Adam

]]> By: Briano http://www.leadfollowmove.com/archives/powershell/creating-a-user-account-in-active-directory-with-powershell/comment-page-1#comment-248 Briano Tue, 17 Jul 2007 13:11:02 +0000 http://www.leadfollowmove.com/?p=44#comment-248 I used the following code to convert DN to FQDN: #get the DN $rootDSE = [ADSI]"LDAP://RootDSE" $domainDN = $rootDSE.Get("DefaultNamingContext") #convert the DN to FQDN $domainFQDN = $domainDN -replace(",dc=",".") -replace("dc=","") I used the following code to convert DN to FQDN:

#get the DN
$rootDSE = [ADSI]“LDAP://RootDSE”
$domainDN = $rootDSE.Get(“DefaultNamingContext”)

#convert the DN to FQDN
$domainFQDN = $domainDN -replace(“,dc=”,”.”) -replace(“dc=”,”")

]]> By: Peter {faa780ce-0f0a-4c28-81d2-3667b71287fd} http://www.leadfollowmove.com/archives/powershell/creating-a-user-account-in-active-directory-with-powershell/comment-page-1#comment-39 Peter {faa780ce-0f0a-4c28-81d2-3667b71287fd} Mon, 12 Mar 2007 18:41:14 +0000 http://www.leadfollowmove.com/?p=44#comment-39 Yeargh, my above function is giving me problems today, I'd like to retract this from the internet in general until I figure it out :) Yeargh, my above function is giving me problems today, I’d like to retract this from the internet in general until I figure it out :)

]]> By: Peter {faa780ce-0f0a-4c28-81d2-3667b71287fd} http://www.leadfollowmove.com/archives/powershell/creating-a-user-account-in-active-directory-with-powershell/comment-page-1#comment-20 Peter {faa780ce-0f0a-4c28-81d2-3667b71287fd} Fri, 16 Feb 2007 21:41:06 +0000 http://www.leadfollowmove.com/?p=44#comment-20 Nevermind, I found the solution in pure C# and adapted it for my full-user-setup script. Feel free to do...whatever...with it. 1. Link/citing source: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1204480&SiteID=1 2. Calling lines of code: #---------------- CreateHomeDirectory $username $u.put("homeDirectory", $homeDirectory) $u.put("homeDrive", $homeDrive) $u.setInfo() #-------------------- 3. Function: #--------------------- function CreateHomeDirectory { param([string]$username) trap { write-host "ERROR on account: $username" write-host "ID: " $_.ErrorID write-host "Message: "$_.Exception.Message break } $folderpath = "{0}{1}" -f $USER_ROOT_UNC, $username $folder = get-item $folderpath -ErrorAction SilentlyContinue if (-not $folder) { #see http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1204480&SiteID=1 #this explains why you need to set three rules for one user. $folder = new-item $folderpath -itemtype directory -ErrorAction Stop #InheritanceFlags.ObjectInherit = 2 #PropogationFlags.InheritOnly = 2 $ar1 = new-object System.Security.AccessControl.FileSystemAccessRule($username,"FullControl",2,2,"Allow") #InheritanceFlags.ContainerInherit = 1 #PropogationFlags.InheritOnly = 2 $ar2 = new-object System.Security.AccessControl.FileSystemAccessRule($username,"FullControl",1,2,"Allow") $ar3 = new-object System.Security.AccessControl.FileSystemAccessRule($username,"FullControl","Allow") $acl = get-acl $folder $acl.AddAccessRule($ar1) $acl.AddAccessRule($ar2) $acl.AddAccessRule($ar3) set-acl $folder $acl -ErrorAction Stop } else { #ERROR. #home directory shouldn't already exist for a brand new user. #this is a potential collision - need to manually resolve. throw "user: $username - already has home directory of the same name." } } Nevermind, I found the solution in pure C# and adapted it for my full-user-setup script. Feel free to do…whatever…with it.

1. Link/citing source: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1204480&SiteID=1

2. Calling lines of code:

#—————-
CreateHomeDirectory $username
$u.put(“homeDirectory”, $homeDirectory)
$u.put(“homeDrive”, $homeDrive)
$u.setInfo()
#——————–

3. Function:

#———————
function CreateHomeDirectory
{
param([string]$username)

trap
{
write-host “ERROR on account: $username”
write-host “ID: ” $_.ErrorID
write-host “Message: “$_.Exception.Message

break
}

$folderpath = “{0}{1}” -f $USER_ROOT_UNC, $username
$folder = get-item $folderpath -ErrorAction SilentlyContinue
if (-not $folder)
{
#see http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1204480&SiteID=1
#this explains why you need to set three rules for one user.

$folder = new-item $folderpath -itemtype directory -ErrorAction Stop
#InheritanceFlags.ObjectInherit = 2
#PropogationFlags.InheritOnly = 2
$ar1 = new-object System.Security.AccessControl.FileSystemAccessRule($username,”FullControl”,2,2,”Allow”)

#InheritanceFlags.ContainerInherit = 1
#PropogationFlags.InheritOnly = 2
$ar2 = new-object System.Security.AccessControl.FileSystemAccessRule($username,”FullControl”,1,2,”Allow”)

$ar3 = new-object System.Security.AccessControl.FileSystemAccessRule($username,”FullControl”,”Allow”)

$acl = get-acl $folder
$acl.AddAccessRule($ar1)
$acl.AddAccessRule($ar2)
$acl.AddAccessRule($ar3)
set-acl $folder $acl -ErrorAction Stop
}
else
{
#ERROR.
#home directory shouldn’t already exist for a brand new user.
#this is a potential collision – need to manually resolve.
throw “user: $username – already has home directory of the same name.”
}
}

]]> By: Peter {faa780ce-0f0a-4c28-81d2-3667b71287fd} http://www.leadfollowmove.com/archives/powershell/creating-a-user-account-in-active-directory-with-powershell/comment-page-1#comment-19 Peter {faa780ce-0f0a-4c28-81d2-3667b71287fd} Fri, 16 Feb 2007 19:03:25 +0000 http://www.leadfollowmove.com/?p=44#comment-19 I've built a similar script to create user accounts. My big question is: have you attempted to tackle setting up home folders? As far as I can tell, doing that in PowerShell is uncharted territory. Anyway, your user creation script is way nicer than mine :) I’ve built a similar script to create user accounts. My big question is: have you attempted to tackle setting up home folders? As far as I can tell, doing that in PowerShell is uncharted territory. Anyway, your user creation script is way nicer than mine :)

]]>