Forum Discussion
Nitrox
Oct 28, 2022 · Copper Contributor
Script to add an AD Security group to multiple User Home drive folders
Hi All I'm trying to put together a script to perform the following task: First to add an AD Security Group named "ADMigration" and assign it (Read access) to a large list of User Home Drives...
Varun_Ghildiyal
Mar 28, 2023 · Iron Contributor
# Set the name of the AD security group to create
$GroupName = "ADMigration"

# Create the new AD security group
New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security

# Set the list of home drive folders to modify
$HomeDriveList = @(
    "\\server\share\user1",
    "\\server\share\user2",
    "\\server\share\user3"
)

# Loop through each home drive folder and add the AD security group to its ACL with Read access
foreach ($HomeDrive in $HomeDriveList) {
    # Get the current ACL of the home drive folder
    $acl = Get-Acl $HomeDrive
    # Create a new Access Rule for the AD security group with Read access
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($GroupName, "ReadAndExecute", "Allow")
    # Add the new Access Rule to the home drive folder's ACL
    $acl.SetAccessRule($rule)
    # Set the modified ACL to the home drive folder
    Set-Acl $HomeDrive $acl
}
You will need to update the $GroupName and $HomeDriveList variables to match your environment. Also, make sure to run the script as an administrator and that the account you use has sufficient permissions to modify the ACLs of the home drive folders.
nitrox2000
Apr 17, 2023 · Copper Contributor
Hi,
Thank you for the advice from both of you, much appreciated.
@Varun
I used the script you supplied and it worked fine but the group did not inherit down through all subfolders and files.
Can you tell me where to add this in the script as I have tried to modify various parts but I continue to get an error?
Many thanks
Nitrox
- nitrox2000 · Apr 17, 2023 · Copper Contributor
Ok so ignore last question as managed to get it to work using the following:
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($GroupName, 'Read','ContainerInherit,ObjectInherit', 'NoPropagateInherit', 'Allow')
Works perfectly.
Thank you both for the advice once again, very much appreciated and thankful
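To check how far an inheritable rule like the one in this thread actually reaches, the following added example (not code from any of the posters) applies the same Read rule to a constructed folder tree with each propagation setting and reports which levels carry the ACE. It assumes BUILTIN\Users (S-1-5-32-545) as a stand-in for the "ADMigration" group so it runs without a domain, and that %TEMP% does not already inherit an ACE for that group; the function names are hypothetical.

```powershell
# Added example: constructed tree under %TEMP%; BUILTIN\Users stands in for "ADMigration"
$sid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-32-545')

function Test-AcePresent {
    param([string]$Path)
    # True if any ACE (explicit or inherited) on $Path names the stand-in group
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    [bool]($rules | Where-Object { $_.IdentityReference.Value -eq $sid.Value })
}

function Get-AceReach {
    param([System.Security.AccessControl.PropagationFlags]$Propagation)

    # Build root\child\grandchild\file.txt fresh for each run
    $root       = Join-Path $env:TEMP ("acl-demo-" + [guid]::NewGuid())
    $child      = Join-Path $root 'child'
    $grandchild = Join-Path $child 'grandchild'
    $file       = Join-Path $grandchild 'file.txt'
    New-Item -ItemType Directory -Path $grandchild -Force | Out-Null
    Set-Content -LiteralPath $file -Value 'constructed sample'

    # Same rights and inheritance flags as the rule posted above
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $sid, 'Read', $inherit, $Propagation, 'Allow')

    $acl = Get-Acl -LiteralPath $root
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $root -AclObject $acl

    # Record which levels of the tree ended up with the ACE
    $result = [pscustomobject]@{
        Propagation = $Propagation
        Root        = Test-AcePresent $root
        Child       = Test-AcePresent $child
        Grandchild  = Test-AcePresent $grandchild
        File        = Test-AcePresent $file
    }
    Remove-Item -LiteralPath $root -Recurse -Force
    $result
}

# Compare the two propagation settings side by side
Get-AceReach -Propagation NoPropagateInherit
Get-AceReach -Propagation None
```

With `NoPropagateInherit` the ACE stops at the immediate children of the folder, while `None` lets it flow to every descendant, so compare the two rows before applying a rule to real home drives.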