daknetworks.com

How To Setup Home Drives, Home Folders and Login Scripts Automatically

Good morning class! This isn't duplicate content. This is valuable! I don't want the HOME-DRIVES part of the other article lost. So here it is:

  • -setup a "users" folder on the server.
  • -share the folder as: users$
  • -set share-permissions to: EVERYONE=FULL-ACCESS.
  • -set ntfs-permissions > disable-inheritance.
  • -set ntfs-permissions: DOMAIN-USERS (or other sub-group if large domain) > this-folder-only = Traverse | Create-Folders
  • -set ntfs-permissions: CREATOR OWNER > Subfolders-and-files = Full-Control
  • -set ntfs-permissions: SYSTEM > this-folder-Subfolders-and-files = Full-Control
  • -set ntfs-permissions: DOMAIN-ADMINS > this-folder-Subfolders-and-files = Full-Control
  • -run powershell (as admin).
  • -to get the values, type: get-aduser foo.user -properties homedrive, homedirectory, scriptpath
  • -to clear the values, type: set-aduser foo.user -clear homedrive, homedirectory, scriptpath
  • -to set the values, type: set-aduser foo.user -homedrive Z: -homedirectory \\<server-name>\users$\foo.user -scriptpath logonscriptfilenamehere

We used to use %username% as a variable, but that doesn't work in PowerShell. If you want to get the same result, it's a little long-winded:

  • -type: $username = (get-aduser foo.user -properties samaccountname |foreach { $_.samaccountname }).ToString()
  • -type: set-aduser $username -homedrive Z: -homedirectory \\<server-name>\users$\$username -scriptpath logonscriptfilenamehere

$username should be left as is. The folder will automatically be created and named exactly as the username! Too bad it doesn't automatically create the folder permissions like the GUI does in AD.

To set the permissions:

  • -type: icacls "\\<server-name>\users$\$username" /grant ("$username" + ':(OI)(CI)F') /T

For an entire Domain or OU

How about for the whole domain or for an OU? Forget the long-winded scripts you see plastered all over the internet:

  • -to get the values, type:
    get-aduser -filter * -searchbase "ou=<location>,ou=<users>,dc=<domain-name>,dc=com" -properties homedrive, homedirectory, scriptpath |ft name, homedrive, homedirectory
  • -to clear the values, type:
    get-aduser -filter * -searchbase "ou=<location>,ou=<users>,dc=<domain-name>,dc=com" |set-aduser -clear homedrive, homedirectory, scriptpath
  • -to set the values, type:
    $usernames = (get-aduser -filter * -searchbase "ou=<location>,ou=<users>,dc=<domain-name>,dc=com" -properties samaccountname |foreach { $_.samaccountname })
    foreach ($username in $usernames) {set-aduser $username -homedrive Z: -homedirectory \\<server-name>\users$\$username -scriptpath logonscriptname}
  • -to set the permissions, type:
    $userfolder = "\\<server-name>\users$\"
    foreach ($username in $usernames) {icacls ("$userfolder" + "$username") /grant ("$username" + ':(OI)(CI)F') /T}

!!!Please double-check and triple-check to make sure you have the correct punctuation above. This can be a career-changing event if you get this wrong!!!
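A guarded version of the bulk permissions loop, as an added example that is not part of the original article: it defaults to a dry run, skips names that would send icacls /T to the wrong path, and reports unexpected ACL entries before changing anything. The parameter names, the -Apply switch and the domain-qualified account name are assumptions; run it from a file-system location such as C:\.

```powershell
# Added example (not from the original article): guarded bulk run, dry-run by default.
# Angle-bracket placeholders, parameter names and -Apply are assumptions; adjust them.
#Requires -Modules ActiveDirectory
param(
    [string]$SearchBase = 'ou=<location>,ou=<users>,dc=<domain-name>,dc=com',
    [string]$UserRoot   = '\\<server-name>\users$',
    [string]$Domain     = '<domain-name>',   # NetBIOS domain name (assumption)
    [switch]$Apply                           # without -Apply nothing is modified
)

$root = $UserRoot.TrimEnd('\')

foreach ($user in Get-ADUser -Filter * -SearchBase $SearchBase) {
    $name = $user.SamAccountName

    # Guard 1: an empty or odd name would point icacls /T at the share root or outside it.
    # The pattern is deliberately strict; accounts it rejects are reported, not processed.
    if ([string]::IsNullOrWhiteSpace($name) -or $name -notmatch '^[A-Za-z0-9._-]+$') {
        Write-Warning "Skipping account with unusable name: '$name'"
        continue
    }

    $folder = "$root\$name"

    # Guard 2: icacls fails on a missing path, so report it instead of running blind.
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        Write-Warning "No folder at $folder; skipping"
        continue
    }

    # Audit: list anyone on the ACL beyond what the root-folder setup should produce.
    $expected = "$Domain\$name", 'NT AUTHORITY\SYSTEM', "$Domain\Domain Admins", 'CREATOR OWNER'
    (Get-Acl -LiteralPath $folder).Access |
        Where-Object { $expected -notcontains $_.IdentityReference.Value } |
        ForEach-Object { Write-Warning "$folder : unexpected entry $($_.IdentityReference) ($($_.FileSystemRights))" }

    if (-not $Apply) {
        Write-Output "DRY RUN: would grant ${Domain}\${name}:(OI)(CI)F on $folder"
        continue
    }

    # ${name} is braced because "$name:" would be parsed as a drive-qualified variable.
    icacls $folder /grant "${Domain}\${name}:(OI)(CI)F" /T
    if ($LASTEXITCODE -ne 0) { Write-Warning "icacls failed for $folder (exit $LASTEXITCODE)" }
}
```

Review the dry-run output and the warnings first, then run again with -Apply.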

NOTES:
Hopefully, it is obvious that <location>, <users>, <file-name> and <domain-name> should be replaced/adjusted/deleted/added with your values.
https://windowsserveressentials.com/2012/10/29/powershell-make-it-do-something-useful/

Users Complain that the HomeDrive is Not Available in VPN Connections

Since the user logs in without being connected to the domain, the home drive is not set up correctly. You can use the following GPO so that the home drive is also a mapped drive, which will be available once the VPN is connected.

user-configuration > preferences > windows-settings > drive-maps
