At most companies I always set up DFS as the home server structure. This lets me use the same home folder/server location for all users, regardless of where the data actually resides. The nightmare of this scenario is the many steps it takes to create all of this. Below is a starter script I have written to automate the process. This script doesn’t take into account existing user accounts or data, so some sanity checks are needed.
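# Creates an AD user with a generated initial password, a home folder on the
# file server, a per-user share, and a DFS namespace link to that share.
# Uses the ActiveDirectory and DFSN cmdlets locally and PowerShell remoting
# (Invoke-Command) to run the folder/share steps on the file server.

#config variables
$strDomainName = "@domain.local" #your suffix for all AD users "@domain.local" (UPN Suffix)
$strUserPath = "OU=Users,DC=domain,DC=local" #DN for users OU "OU=Path,OU=To,OU=Users,DC=domain,DC=local"
$strFileServer = "SERVERNT01" #The server that hosts the files for DFS (Hostname)
$strFileServerRootPath = "E:\Users\" #the local folder on the file server that contains the user folders
$strDFSRootPath = "\\domain.local\Home\" #The root of the home folder path for DFS \\server\root or domain based \\domain.local\root
$intPasswordLength = 16 #length of the generated initial password (values below 8 are raised to 8)

##########################
# Do not edit below this #
##########################

#prompt for info
$strUserFirst = read-host "Please enter the first name: "
$strUserLast = read-host "Please enter the last name: "
$strUserName = read-host "Please enter the username: "

#The username is concatenated into a filesystem path, a share name and a DFS path below,
#so refuse empty values and characters that are not valid in a sAMAccountName
#(path separators and wildcards among them) before anything is created.
if ([string]::IsNullOrWhiteSpace($strUserName) -or
    $strUserName.Length -gt 20 -or
    $strUserName.EndsWith(".") -or
    $strUserName -match '["/\\\[\]:;|=,+*?<>@]') {
    throw "Invalid username '$strUserName': must be 1-20 characters, not end with a period, and not contain any of `" / \ [ ] : ; | = , + * ? < > @"
}

#random password
#System.Random is a predictable generator and is not suitable for credentials;
#draw the characters from the operating system's cryptographic generator instead.
$intPasswordLength = [Math]::Max($intPasswordLength, 8)
$strAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
$objRandom = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$arrByte = New-Object byte[] 1
#largest multiple of the alphabet size that fits in one byte; bytes at or above it
#are discarded so every character stays equally likely (no modulo bias)
$intLimit = 256 - (256 % $strAlphabet.Length)
do {
    $NewPassword = ""
    while ($NewPassword.Length -lt $intPasswordLength) {
        $objRandom.GetBytes($arrByte)
        if ($arrByte[0] -lt $intLimit) {
            $NewPassword = $NewPassword + $strAlphabet[$arrByte[0] % $strAlphabet.Length]
        }
    }
    #redraw until an upper case letter, a lower case letter and a digit are all present
} until ($NewPassword -cmatch '[A-Z]' -and $NewPassword -cmatch '[a-z]' -and $NewPassword -cmatch '[0-9]')
$objRandom.Dispose()
$SecurePassword = ConvertTo-SecureString $NewPassword -AsPlainText -Force

#setup some variables
$strUPN = ($strUserName + $strDomainName)
$strHomeFolder = ($strFileServerRootPath + $strUserName)
$strShare = ($strUserName + "$") #trailing $ keeps the share out of browse lists
$strFileServerShareRootPath = ("\\" + $strFileServer + "\")

#create the account
#-ErrorAction Stop halts the script if the account cannot be created, so no folder,
#share or DFS link is left behind for a user that does not exist.
#NOTE(review): the operator sees the initial password; consider adding
#ChangePasswordAtLogon = $true here so it is only valid until first logon.
$hashNewUser = @{
    Name              = ($strUserFirst + " " + $strUserLast)
    GivenName         = $strUserFirst
    Surname           = $strUserLast
    SamAccountName    = $strUserName
    UserPrincipalName = $strUPN
    AccountPassword   = $SecurePassword
    Path              = $strUserPath
    PassThru          = $true
    ErrorAction       = 'Stop'
}
New-ADUser @hashNewUser | Enable-ADAccount

#replicate AD
#output is discarded, so a failed sync is not reported here
repadmin /syncall /A /P /e /d > $null

#Create the folder
Invoke-Command -ComputerName $strFileServer -Scriptblock {
    #create the folder
    New-Item $Using:strHomeFolder -ItemType directory -Force > $null

    #set the ACL
    #Adds a Modify rule for the new user on top of the ACL the folder already has.
    #Inheritance from the parent is not disabled, so anything the root folder
    #grants to other principals still applies here.
    #NOTE(review): confirm the root folder's ACL does not give ordinary users access.
    $objACL = Get-Acl $Using:strHomeFolder
    $objPermission = $Using:strUPN,"Modify","ContainerInherit,ObjectInherit","None","Allow"
    $objAccessRule = new-object System.Security.AccessControl.FileSystemAccessRule $objPermission
    $objACL.SetAccessRule($objAccessRule)
    $objACL | Set-Acl $Using:strHomeFolder > $null

    #share it out
    #NOTE(review): share-level permission is Everyone / Full, so the NTFS ACL above
    #is the only access control on this data; scoping -FullAccess to the user would
    #add a second layer.
    New-SmbShare -name $Using:strShare -path $Using:strHomeFolder -FullAccess Everyone > $null
}

#create the DFS link
New-DfsnFolder -path ($strDFSRootPath + $strUserName) -TargetPath ($strFileServerShareRootPath + $strShare) > $null

#output the user and password
#NOTE(review): this writes the cleartext password to the console, where a session
#transcript or screen capture can record it; hand it over through a protected channel.
Write-Host "Created user $strUPN with password: $NewPassword"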