The following example illustrates how the PowerShell Workflow Activity can be used. Some may argue that the PowerShell MA is better suited for this type of activity, and in a scenario where bulk creations are necessary I would agree, but this blog post is meant to demonstrate how to use the PowerShell Workflow Activity, which is part of the Workflow Activity Library.
The example below is a modified version of the previously documented post, which was written using a Server 2008 target domain controller. It can be used with Server 2012 R2 or earlier.
Additionally, it's important to note that this workflow should be triggered after the Synchronization Service updates the user's resourceSid (objectSid) in the FIM Portal; this is a good indication that the user object has been created in AD.
Click on New
Enter the name for your Workflow (I start all my workflows with an "_", which makes it easy to identify all non-custom workflows).
Click on Next
Select WAL: Run PowerShell Script
Click on Select
Configure the 1st Workflow Activity
Type in the name for the Activity that will be used as part of the Workflow
Activity Display Name: Create Home Directory
false (Leave unchecked)
Include in Workflow Definition
```powershell
Param($SamName, $HomePath, $DriveLet, $Domain)

## Create Remote Session (verify that the FIM Service account has permission
## to run Remote PowerShell on the target DC)
$Server = "DC1"
$dc1 = New-PSSession -ComputerName $Server
# Note: the commands below do not use this session; they run in the workflow's
# own context against the UNC path.
# Any errors during execution of the script or the script block are bubbled up automatically.
# Comment out -ComputerName parameter when running interactively

## Uncomment for Manual Testing
# $SamName  = "orangejuice"
# $HomePath = "\\Svr2\e"
# $DriveLet = "H"
# $Domain   = "Contoso"

## Set Variables
$Spacer  = " "
$HomeDir = $HomePath + "\" + $SamName

## Create Home Directory
mkdir $HomeDir

## Assign Access Rights
# Build an Allow ACE that gives the user Full Control, inherited by subfolders and files
$account     = $Domain + "\" + $SamName
$rights      = [System.Security.AccessControl.FileSystemRights]::FullControl
$inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"
$propagation = [System.Security.AccessControl.PropagationFlags]::None
$allowdeny   = [System.Security.AccessControl.AccessControlType]::Allow
$dirACE = New-Object System.Security.AccessControl.FileSystemAccessRule ($account, $rights, $inheritance, $propagation, $allowdeny)

# Add the ACE to the existing ACL of the new folder and write it back
$dirACL = Get-Acl $HomeDir
$dirACL.AddAccessRule($dirACE)
Set-Acl $HomeDir $dirACL
```
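The script above trusts $SamName when it builds the path and does not confirm that the permission was actually applied. The following is an added example, not part of the original post or of the Workflow Activity Library, that wraps the same steps with an account-name check, a refusal to reuse an existing folder, and a read-back of the ACL. The function name New-UserHomeDirectory and the allowed-character pattern are assumptions, and it assumes PowerShell 3.0 or later.

```powershell
# Added example; New-UserHomeDirectory is a hypothetical name, not a WAL or FIM cmdlet.
function New-UserHomeDirectory {
    param(
        [Parameter(Mandatory=$true)][string]$SamName,
        [Parameter(Mandatory=$true)][string]$HomePath,
        [Parameter(Mandatory=$true)][string]$Domain
    )
    $ErrorActionPreference = 'Stop'

    # Assumption: account names use only these characters. Rejecting everything
    # else keeps "..", "\" and "/" out of the path built below.
    if ($SamName -notmatch '^[A-Za-z0-9._-]{1,20}$' -or $SamName -match '\.\.') {
        throw "Refusing unexpected account name '$SamName'"
    }

    $homeDir = Join-Path $HomePath $SamName
    # Never grant rights on a folder that already exists; it may belong to someone else.
    if (Test-Path -LiteralPath $homeDir) {
        throw "Home directory '$homeDir' already exists"
    }
    New-Item -ItemType Directory -Path $homeDir | Out-Null

    # Same ACE as the original script: Full Control, inherited by subfolders and files.
    $account = "$Domain\$SamName"
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $account,
        [System.Security.AccessControl.FileSystemRights]::FullControl,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl = Get-Acl -LiteralPath $homeDir
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $homeDir -AclObject $acl

    # Read the ACL back and confirm the explicit entry for this account is present.
    $sid = (New-Object System.Security.Principal.NTAccount($account)).Translate(
        [System.Security.Principal.SecurityIdentifier])
    $match = (Get-Acl -LiteralPath $homeDir).GetAccessRules($true, $false,
        [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $sid.Value -and
                       $_.AccessControlType -eq 'Allow' -and
                       $_.FileSystemRights -eq 'FullControl' }
    if (-not $match) { throw "ACL check failed for '$homeDir'" }
    return $homeDir
}

# Constructed demo input: the current user and the temp folder stand in for the workflow's values.
New-UserHomeDirectory -SamName $env:USERNAME -HomePath $env:TEMP -Domain $env:USERDOMAIN
```

Because the function throws on every failed check, the workflow activity reports the error instead of silently leaving a folder with the wrong owner or no permission entry.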