# Export script, run once per pending change ($_): opens a debug log, reads the
# user's current home-directory attributes from the directory and logs what is
# being processed.
# NOTE(review): structural lines (the rest of the param block, closing braces,
# else keywords) are not visible in this listing, so $Username and $Password
# are presumably declared in the part of param ( ... ) that is missing here.
param (
# NOTE(review): 8.3 short names such as MICROS~4 are generated per volume and can
# differ from one server to the next; the long path is more predictable. The log
# lives inside the product's install tree, is only ever appended to, and records
# DNs and account names - confirm who can read it and how it is rotated.
$DebugFilePath = "C:\PROGRA~1\MICROS~4\2010\SYNCHR~1\EXTENS~2\HomeDir\homefolder\DebugHomeFolderMA.txt"
# Create the debug log on first use; otherwise reuse the existing file.
if(!(Test-Path $DebugFilePath))
{$DebugFile = New-Item -Path $DebugFilePath -ItemType File}
{$DebugFile = Get-Item -Path $DebugFilePath}
"Starting Export : " + (Get-Date) | Out-File $DebugFile -Append
#Initialize Parameters
$Identifier = $_.Identifier
# NOTE(review): $objectGuid is filled from the DN property and used below inside an
# LDAP <GUID=...> bind string, so this presumes the connector's DN carries the
# objectGUID - confirm against the import script.
$objectGuid = $_.DN
# Status values start out as "success"; error paths further down overwrite them.
$errorstatus = "success"
$ErrorName = "success"
$ErrorDetail = $null
$date = Get-Date -Format "yyyy-MM-dd"
# Get existing values for home directory attributes
# NOTE(review): the bind uses the plain $Username / $Password values; keep both out
# of every Out-File call that writes to the debug log.
$curUser = New-Object System.DirectoryServices.DirectoryEntry "LDAP://<GUID=$objectGuid>", $Username, $Password
$curHomeDirectory = $curUser.homeDirectory.Value
$curHomeDrive = $curUser.homeDrive.Value
$account = $curUser.sAMAccountName.Value
#Writing curUser to debug file
"Processing : " + $_.DN | Out-File $DebugFile -Append
"No of Changes : " + $_.ChangedAttributeNames.Count | Out-File $DebugFile -Append
### --- FUNCTIONS --- ###
#NOTE! Function calls from the script write their output to the pipeline unless it is captured in a variable.
#Uncaptured output is treated as an error when the MA runs.
#Call functions using $catch = FunctionName param1 param2
#Function for adding AccessRule to folder
#$A = Account in the format "AccountName"
#$F = Folder (an object exposing .Parent, as returned by New-Item / Get-Item in the main script)
#$P = Permission to assign. Modify, Read or FullControl typically
#Inheritance is added by default (ContainerInherit,ObjectInherit, no propagation flags, Allow).
# NOTE(review): the try keyword and the braces of this function are not visible in
# this listing; only the statements below are.
function AddAccessRule($F, $A, $P)
# NOTE(review): assignments to $errorstatus, $ErrorName and $errordetail inside a
# function create function-local variables unless written as $script:...; a failure
# recorded here may therefore never reach the result returned to the MA - confirm.
$errorstatus = "success"
$acl = Get-Acl $F
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($A,$P,"ContainerInherit,ObjectInherit","None","Allow")
# NOTE(review): no visible line adds $rule to $acl (for example $acl.AddAccessRule($rule));
# if that call is missing in the real script too, Set-Acl writes the ACL without the new entry.
# Assign the permissions one level up as when we did the create of the home directory we also created the hdrive subdirectory.
# NOTE(review): the ACL is read from $F but written to $F.Parent, and the rule inherits
# downward. That is only safe while the parent is the user's own folder. If $F is ever a
# direct child of the share root, $A receives $P on every home folder beneath it - verify
# the parent before writing.
# NOTE(review): -ErrorVariable takes a variable name without the dollar sign (err); as
# written the error is not collected in $err as intended, so the check on the next line
# may never fire. -ErrorAction Stop would route failures to the catch block.
Set-Acl -Path $F.Parent.FullName -AclObject $acl -errorvariable $err
if ( $err ) {throw $err}
# Failure path: log a marker and record the most recent error.
Catch [exception]
"Error in AddAccessRule" | Out-File $DebugFile -Append
$ErrorName = "Script Error"
$errordetail = $error[0].exception
#Function for setting homeDirectory and homeDrive attribute on user in AD
#Dir = Full homeDirectory path in the format \\server\share\username
#Drive = The drive letter to use, H:
# Operates on the script-level $curUser directory entry bound earlier.
function UpdateUser($Dir,$Drive)
$curUser.homeDirectory.Value = $Dir
$curUser.homeDrive.Value = $Drive
# NOTE(review): the two assignments below clear the values just set; they presumably
# belong to an error/rollback branch whose try/catch lines are not visible here.
# No CommitChanges() (or SetInfo) call is visible either - DirectoryEntry normally
# caches property writes until they are committed, so confirm where that happens.
$curUser.homeDirectory.Value = $null
$curUser.homeDrive.Value = $null
### --- End of FUNCTIONS --- ###
### --- MAIN SCRIPT --- ###
#Loop through changes and update parameters
# Picks the new homeFolderPath and homeDrive values out of the pending attribute
# changes; when an attribute carries several value changes the last one wins.
# NOTE(review): these values arrive from the attribute flow and are later used as a
# file-system path and drive letter without any validation in the visible lines.
foreach ($can in $_.ChangedAttributeNames)
foreach ($ValueChange in $_.AttributeChanges[$can].ValueChanges)
if ( $can -eq 'homeFolderPath' ){$homeFolderPath = $ValueChange.Value}
if ( $can -eq 'homeDrive' ){$homeDrive = $ValueChange.Value}
#Verify changetype.
# Add and Delete are rejected outright by throwing; only Replace is processed below.
if ($_.ObjectModificationType -eq 'Add')
# adds are caught by importing new objects from Active Directory (see import script)
# and joining these to existing user objects on the metaverse
throw "Add modification are not supported"
if ($_.ObjectModificationType -eq 'Delete')
# deletes are caught by importing deleted objects (isDeleted) from Active
# Directory (see import script). This way we clear up the CS
throw "Delete modification are not supported"
#Supported ChangeType is Replace
# NOTE(review): -match is a regular-expression test, unlike the -eq used for Add and
# Delete above; -eq 'Replace' would be the stricter comparison if that is the intent.
if ($_.ObjectModificationType -match 'Replace')
# Create homedirectory for brand new users only: the account has no homeDirectory in
# the directory yet and both a path and a drive letter were supplied.
if(-not($curHomeDirectory) -and $homeFolderPath -and $homeDrive)
# NOTE(review): $homeFolderPath is used below to create a directory and to grant
# rights. Verify that it resolves beneath the expected home-share root (and contains
# no ".." segments) before acting on it.
#Check if folder already Exists
$exists = Test-Path $homeFolderPath
#Check if Deleted or Moved folder Exists
# The parent is taken as everything before the last backslash of the path.
$parent = Get-Item $homeFolderPath.Substring(0,$homeFolderPath.LastIndexOf("\"))
# NOTE(review): the filter *$account matches every name that merely ends with the
# account name (an account "lee" also matches a folder "alee"). The lines that consume
# $exists and $existingFolder are not visible here - confirm a suffix match can never
# select another user's folder.
$existingFolder = Get-ChildItem $parent -Filter *$account
"Creating new homefolder at " + $homeFolderPath + " for : $account" | Out-File $DebugFile -Append
$folder = New-Item $homeFolderPath -Type Directory
# Output is captured in $catch so it does not reach the pipeline (see the note above the functions).
$catch = AddAccessRule $folder $account "Modify"
$catch = UpdateUser $homeFolderPath $homeDrive
#Folder already exists!
# Update user and permissions
# NOTE(review): an existing folder is handed to $account with no check of who owned it
# before. Where account names are reused, the new account gains Modify on the previous
# owner's data - compare the folder's owner or existing ACL before granting.
"Found Existing folder, adding access rule and updating user" | Out-File $DebugFile -Append
$folder = Get-Item $homeFolderPath
$catch = AddAccessRule $folder $account "Modify"
$catch = UpdateUser $homeFolderPath $homeDrive
#Return the result to the MA
# Result is built as a hashtable; the lines that populate and emit it are not visible
# in this listing.
# NOTE(review): confirm that $errorstatus / $ErrorName / $ErrorDetail set inside the
# functions actually end up in this object, otherwise failures are reported as "success".
$obj = @{}
{#Writing close tag in debugfile
"Ending Export : " + (Get-Date) | Out-File $DebugFile -Append