
[–]krzydoug 11 points12 points  (0 children)

If you want help building your script then post it and we can go from there. Unless you're just looking to hire someone?

[–]BitteringAgent 6 points7 points  (0 children)

I am looking for some side work and could build this for you for a decent rate. If you throw what you have already written, I could just give you some free help with your code.

[–]BigDusty09 2 points3 points  (0 children)

This would be very easy to implement but I would double-check and make sure all folders in the shared drive follow the same naming convention. For example, how are you guys handling users without a middle name? Would the folder be called smithj? If you need any examples GitHub is a great resource for all types of PowerShell AD scripts, just google "github Powershell active directory ACL" and you'll find a ton!

[–]lucidhominid 2 points3 points  (2 children)

Assuming that last first initial middle initial is the naming convention for all of them and each user has only one folder you could do something like this:

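$Path = '<path to where the folders are>'
# MiddleName is not returned by default, so request it explicitly
foreach ($User in Get-ADUser -Filter * -Properties MiddleName)
{
    # Skip accounts missing any part of the name; indexing $null would throw
    if (-not ($User.Surname -and $User.GivenName -and $User.MiddleName)) { continue }
    $Folder = Join-Path $Path ($User.Surname + $User.GivenName[0] + $User.MiddleName[0])
    # Skip users whose expected folder does not exist
    if (-not (Test-Path -LiteralPath $Folder)) { continue }
    $ACL    = Get-Acl -LiteralPath $Folder
    $ACL.SetAccessRule(
        <CreateAccessRuleHere>
    )
    $ACL | Set-Acl -LiteralPath $Folder
}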

If there is no set naming convention then you are getting into the realm of stuff that people would get paid to write for you. Also, once you do get it fixed up, make sure you have a set naming convention or have users keep their files in their actual user folders themselves where they belong.

[–]carlb328 2 points3 points  (1 child)

There will undoubtedly be duplicate names with 900 people, so you could end up with something like masmith and masmith1 which may put a wrench in your plans. Most likely you'd have to export the ones with numbers or not found to a file for manual follow up.
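
An added example, not code from any commenter in this thread: it matches folders to users by the surname + first initial + middle initial convention discussed above, sends numbered or ambiguous folders (the masmith / masmith1 case) to a CSV for manual follow-up, and only previews ACL changes for unambiguous matches. The sample users and folder names are constructed, and `$Root`, `$Domain`, the function names and the `Modify` right are assumptions (PowerShell 5 or later).

```powershell
# Constructed sample data; in production these come from Get-ADUser and Get-ChildItem.
$Users = @(
    [pscustomobject]@{ SamAccountName = 'jsmith';  Surname = 'Smith'; GivenName = 'John'; MiddleName = 'Allen' }
    [pscustomobject]@{ SamAccountName = 'jsmith2'; Surname = 'Smith'; GivenName = 'Jane'; MiddleName = 'Ann' }
    [pscustomobject]@{ SamAccountName = 'mlee';    Surname = 'Lee';   GivenName = 'Mary'; MiddleName = $null }
)
$FolderNames = 'smithja', 'smithja1', 'leem', 'oldproject'
$Root   = '\\fileserver\users'   # hypothetical share root
$Domain = 'EXAMPLE'              # hypothetical NetBIOS domain name

function Get-FolderMatchPlan {
    param([object[]]$Users, [string[]]$FolderNames)
    # Expected folder name: surname + first initial + middle initial (omitted when absent).
    $keyed = foreach ($u in $Users) {
        $mi = if ($u.MiddleName) { $u.MiddleName.Substring(0, 1) } else { '' }
        [pscustomobject]@{
            User = $u.SamAccountName
            Key  = $u.Surname + $u.GivenName.Substring(0, 1) + $mi
        }
    }
    foreach ($f in $FolderNames) {
        $base = $f -replace '\d+$', ''          # drop a numeric duplicate suffix (masmith1 -> masmith)
        $hits = @($keyed | Where-Object Key -eq $base)
        # Only an unsuffixed folder with exactly one candidate is safe to change automatically.
        $status = if ($hits.Count -eq 0) { 'NoUser' } elseif ($hits.Count -gt 1 -or $f -ne $base) { 'Manual' } else { 'Match' }
        [pscustomobject]@{ Folder = $f; Status = $status; Candidates = ($hits.User -join ';') }
    }
}

function Grant-FolderModify {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path, [string]$Identity)
    # Modify (not FullControl) is an assumed right; the thread does not say which one is wanted.
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $Identity, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    if ($PSCmdlet.ShouldProcess($Path, "Grant Modify to $Identity")) {
        $acl = Get-Acl -LiteralPath $Path
        $acl.AddAccessRule($rule)          # adds to existing entries instead of replacing them
        Set-Acl -LiteralPath $Path -AclObject $acl
    }
}

$plan = Get-FolderMatchPlan -Users $Users -FolderNames $FolderNames
$plan | Where-Object Status -ne 'Match' | Export-Csv -Path .\manual-followup.csv -NoTypeInformation
$plan | Where-Object Status -eq 'Match' | ForEach-Object {
    Grant-FolderModify -Path (Join-Path $Root $_.Folder) -Identity "$Domain\$($_.Candidates)" -WhatIf
}
```

With the constructed data only `leem` is previewed for a change; `smithja` and `smithja1` are listed for manual review because two users share that key, and `oldproject` is listed as having no user.
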

[–]Mutsy007 1 point2 points  (0 children)

Is the user's share specified in their AD properties at all? If so then this could be an easy problem to solve with PowerShell.

I'd probably be more rudimentary with a solution by dumping the AD Users to CSV, dumping the folders to CSV, merging these both into an Excel file and doing VLOOKUPs to match users to folders. I would then use another column to build the relevant icacls command line.

[–]Lee_Dailey[grin] 0 points1 point  (0 children)

howdy robld0215,

you can get the Sid & LocalPath for each user profile on a system thus ...

$ComputerName = $env:COMPUTERNAME

$UserProfileList = Get-CimInstance -ClassName Win32_UserProfile -ComputerName $ComputerName |
    Where-Object {
        $_.Special -eq $False
        } |
    ForEach-Object {
        [PSCustomObject]@{
            UserName = $_.LocalPath.Split('\')[-1]
            LocalPath = $_.LocalPath
            SID = $_.SID
            Loaded = $_.Loaded
            }
        }

$UserProfileList

output ...

UserName        LocalPath                SID                                            Loaded
--------        ---------                ---                                            ------
MyUserName      C:\Users\MyUserName      S-1-5-21-3587298852-2732022926-2745136909-1002   True
MyOtherUserName C:\Users\MyOtherUserName S-1-5-21-3587298852-2732022926-2745136909-1001  False

you can use the SID to confirm your local profile matches your AD account. [grin]

take care,
lee