Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
param (
$Username,
$Password
)
BEGIN
{
$DebugFilePath = "C:\PROGRA~1\MICROS~4\2010\SYNCHR~1\EXTENS~2\HomeDir\homefolder\DebugHomeFolderMA.txt"
if(!(Test-Path $DebugFilePath))
{$DebugFile = New-Item -Path $DebugFilePath -ItemType File}
else
{$DebugFile = Get-Item -Path $DebugFilePath}
"Starting Export : " + (Get-Date) | Out-File $DebugFile -Append
}
PROCESS
{
#Initialize Parameters
$Identifier = $_.Identifier
$objectGuid = $_.DN
$error.clear()
$errorstatus = "success"
$ErrorName = "success"
$ErrorDetail = $null
$date = Get-Date -Format "yyyy-MM-dd"
# Get existing values for home directory attributes
$curUser = New-Object System.DirectoryServices.DirectoryEntry "LDAP://<GUID=$objectGuid>", $Username, $Password
$curHomeDirectory = $curUser.homeDirectory.Value
$curHomeDrive = $curUser.homeDrive.Value
$account = $curUser.sAMAccountName.Value
#Writing curUser to debug file
"Processing : " + $_.DN | Out-File $DebugFile -Append
"No of Changes : " + $_.ChangedAttributeNames.Count | Out-File $DebugFile -Append
### --- FUNCTIONS --- ###
#NOTE! Function calls from the script will generate output to the pipeline unless catched by parameter.
#This output will be seen as errors when running the MA
#Call functions using $catch = FunctionName param1 param2
#Function for adding AccessRule to folder
#$A = Account in the format "AccountName"
#$F = Folder
#$P = Permission to assign. Modify, Read or FullControl typically
#Inheritence is added by default.
function AddAccessRule($F, $A, $P)
{
Try{
$errorstatus = "success"
$acl = Get-Acl $F
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($A,$P,"ContainerInherit,ObjectInherit","None","Allow")
$acl.AddAccessRule($rule)
# Assign the permissions one level up as when we did the create of the home directory we also created the hdrive subdirectory.
Set-Acl -Path $F.Parent.FullName -AclObject $acl -errorvariable $err
if ( $err ) {throw $err}
}
Catch [exception]
{
"Error in AddAccessRule" | Out-File $DebugFile -Append
$ErrorName = "Script Error"
$errordetail = $error[0].exception
}
}
#Function for setting homeDirectory and homeDrive attribute on user in AD
#Dir = Full homeDirectory path in the format \\server\share\username
#Drive = The drive letter to use, H:
function UpdateUser($Dir,$Drive)
{
If($Dir)
{
$curUser.homeDirectory.Value = $Dir
$curUser.homeDrive.Value = $Drive
}
else
{
$curUser.homeDirectory.Value = $null
$curUser.homeDrive.Value = $null
}
$curUser.SetInfo()
}
### --- End of FUNCTIONS --- ###
### --- MAIN SCRIPT --- ###
#Loop through changes and update parameters
foreach ($can in $_.ChangedAttributeNames)
{
foreach ($ValueChange in $_.AttributeChanges[$can].ValueChanges)
{
if ( $can -eq 'homeFolderPath' ){$homeFolderPath = $ValueChange.Value}
if ( $can -eq 'homeDrive' ){$homeDrive = $ValueChange.Value}
}
}
#Verify changetype.
if ($_.ObjectModificationType -eq 'Add')
{
# adds are caught by importing new objects from Active Directory (see import script)
# and joining these to existing user objects on the metaverse
throw "Add modification are not supported"
}
if ($_.ObjectModificationType -eq 'Delete')
{
# deletes are caught by importing deleted objects (isDeleted) from Active
# Directory (see import script). This way we clear up the CS
throw "Delete modification are not supported"
}
#Supported ChangeType is Replace
if ($_.ObjectModificationType -match 'Replace')
{
# Create homedirectory for brand new users only.
if(-not($curHomeDirectory) -and $homeFolderPath -and $homeDrive)
{
#NewHomeDir
#Check if folder already Exists
$exists = Test-Path $homeFolderPath
if(!$exists)
{
#Check if Deleted or Moved folder Exists
$parent = Get-Item $homeFolderPath.Substring(0,$homeFolderPath.LastIndexOf("\"))
$existingFolder = Get-ChildItem $parent -Filter *$account
if(!$existingFolder)
{
"Creating new homefolder at " + $homeFolderPath + " for : $account" | Out-File $DebugFile -Append
$folder = New-Item $homeFolderPath -Type Directory
$catch = AddAccessRule $folder $account "Modify"
$catch = UpdateUser $homeFolderPath $homeDrive
}
}
else
{
#Folder already exists!
# Update user and permissions
"Found Existing folder, adding access rule and updating user" | Out-File $DebugFile -Append
$folder = Get-Item $homeFolderPath
$catch = AddAccessRule $folder $account "Modify"
$catch = UpdateUser $homeFolderPath $homeDrive
}
}
}
#Return the result to the MA
$obj = @{}
$obj.Add("[Identifier]",$Identifier)
$obj.Add("[ErrorName]",$ErrorName)
if($ErrorDetail){$obj.Add("[ErrorDetail]",$ErrorDetail)}
$obj
}
END
{#Writing close tag in debugfile
"Ending Export : " + (Get-Date) | Out-File $DebugFile -Append
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.