Automatic user folder on Server for new AD users

mr2nut

I have set up my documents redirection in the past for users through GPOs, but i'm looking for a way to automatically create folders for new users on the Server share.

Does this get done through a GPO or does it require a logon script using the %username% command somehow? I simply want to be able to copy current AD users and when they first log in, it creates their own folder on \\Server01\Users Shared Folder\'Userfoldername' with only them permitted into the folder.

dave0212

Easiest way is to create a template and add the Profile Path \\Server01\Users Shared Folder\%username% and then copy this when creating new users and when the user logs on this should create the folder for them

Hope this helps

mr2nut

dave0212 wrote:

Easiest way is to create a template and add the Profile Path \\Server01\Users Shared Folder\%username% and then copy this when creating new users and when the user logs on this should create the folder for them

Hope this helps

Would this not just put their documents and settings folder straight on the Server though, or will this simply create a blank folder that they can write to?

dave0212

Yes its effectively creating a roaming profile, if you want just a user folder creating then I think the logon script would be the way to go.

astorrs

Just for clarification, are you wanting to map a home drive for the users on the server and have it be automatically created (without needed to specify the path for each user) or are you trying to use folder redirection on My Documents or something else?

mr2nut

All I want is that when I create a new user in active directory, a folder for that new user is created with only permissions for themselves, creating on a Server shared, and also a mapped drive to it with no admin work needed.

snadam

mr2nut wrote:

All I want is that when I create a new user in active directory, a folder for that new user is created with only permissions for themselves, creating on a Server shared, and also a mapped drive to it with no admin work needed.

Well if you want to have a "home" folder centrally located on a server, then you can do this under the users properties window in the 'Profile' tab in ADUC. You just specify the drive letter and network path of the folder of your choice. Ensuring proper permissions can be done manually or its a script thing.

EDIT: Which BTW, all this should be possible in a single script; but dont quote me on that.

dynamik

Do you just want to create a folder with their name or would you like to do something like folder redirection, where you can setup that users my documents, desktop, etc. to point to a network location for centralized backup, management, etc.?

jbaello

When I create a home folder using ADUC, I usually just go to "Profile Tab" from here I specify a UNC path something like this \\network_server_share\profile\jbaello under home folder Connect: I then specify a drive I usually use the same drive for all users.

This automatically creates the folder for me, and assigns a full control access to the users folder, I also make sure that I have the following NTFS permission on "Profile" for everyone group - Read, List, & Execute, I will make sure that permissions is not propagated to sub folders, since it might cause issue with automatic permissions.

I suggest reading more about folder redirection since it has given me problems, when I disabled it on GPO for some reason the settings sticked as a result some of the files under their profile like "application data" folder which is critical for client use was still being redirected, while the client machine thinks that application data resides on the local machine, which causes problems.

astorrs

mr2nut wrote:

All I want is that when I create a new user in active directory, a folder for that new user is created with only permissions for themselves, creating on a Server shared, and also a mapped drive to it with no admin work needed.

Use a GPO (the ADUC tab method is left over from Windows NT 4 and has been legacy since Windows 2000, but still works fine if you prefer that - depends on scale) to set a home drive for the users to \\server\share$\ and it will automatically append the username. To have it create the folder automatically (without needing to pre-populate it) you need to setup the file/share permissions as follows:

Share Permissions
Authenticated Users = Full Control

NTFS Permissions
*Administrators = Full Control = This folder, subfolders and files
*SYSTEM = Full Control = This folder, subfolders and files
CREATOR OWNER = Modify = Subfolders and files only
Users = Advanced (Transverse Folder, Create Folders) = This folder only

*These are optional.

james12345

bump

astorrs

Lukebrynycz wrote:

dynamik wrote:

Do you just want to create a folder with their name or would you like to do something like folder redirection, where you can setup that users my documents, desktop, etc. to point to a network location for centralized backup, management, etc.?

Exactly the first bit mate, folder with their name.

Then follow the steps in my post, it will do exactly what you want and will require zero administrative effort after the initial setup.

layer_0

the way I do this is...

* create the first user account and set the home directory using the %USERNAME% variable.
for example: \\file-server01\users$\%USERNAME%

* write a batch file which takes a %UN% parameter and then creates the relevant directory: \\file-server01\users$\%UN% and then uses the CACLS command to set the relevant persmissions.

* when using the batch file, make sure %UN% matches the %USERNAME% of the just created account then create each new account using the AD Copy Context Item or use dsadd in the batch file.

Regards,
Jonathan