Automatic user folder on Server for new AD users

I have set up my documents redirection in the past for users through GPOs, but i'm looking for a way to automatically create folders for new users on the Server share.

Does this get done through a GPO or does it require a logon script using the %username% command somehow? I simply want to be able to copy current AD users and when they first log in, it creates their own folder on \\Server01\Users Shared Folder\'Userfoldername' with only them permitted into the folder.

Comments

  • dave0212dave0212 Member Posts: 287
    Easiest way is to create a template and add the Profile Path \\Server01\Users Shared Folder\%username% and then copy this when creating new users and when the user logs on this should create the folder for them

    Hope this helps :)
    This week I have achieved unprecedented levels of unverifiable productivity


    Working on
    Learning Python and OSCP
  • mr2nutmr2nut Member Posts: 269
    dave0212 wrote:
    Easiest way is to create a template and add the Profile Path \\Server01\Users Shared Folder\%username% and then copy this when creating new users and when the user logs on this should create the folder for them

    Hope this helps :)

    Would this not just put their documents and settings folder straight on the Server though, or will this simply create a blank folder that they can write to?
  • dave0212dave0212 Member Posts: 287
    Yes its effectively creating a roaming profile, if you want just a user folder creating then I think the logon script would be the way to go.
    This week I have achieved unprecedented levels of unverifiable productivity


    Working on
    Learning Python and OSCP
  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    Just for clarification, are you wanting to map a home drive for the users on the server and have it be automatically created (without needed to specify the path for each user) or are you trying to use folder redirection on My Documents or something else?
  • mr2nutmr2nut Member Posts: 269
    All I want is that when I create a new user in active directory, a folder for that new user is created with only permissions for themselves, creating on a Server shared, and also a mapped drive to it with no admin work needed.
  • snadamsnadam Member Posts: 2,234 ■■■■□□□□□□
    mr2nut wrote:
    All I want is that when I create a new user in active directory, a folder for that new user is created with only permissions for themselves, creating on a Server shared, and also a mapped drive to it with no admin work needed.

    Well if you want to have a "home" folder centrally located on a server, then you can do this under the users properties window in the 'Profile' tab in ADUC. You just specify the drive letter and network path of the folder of your choice. Ensuring proper permissions can be done manually or its a script thing.

    EDIT: Which BTW, all this should be possible in a single script; but dont quote me on that.
    **** ARE FOR CHUMPS! Don't be a chump! Validate your material with certguard.com search engine

    :study: Current 2015 Goals: JNCIP-SEC JNCIS-ENT CCNA-Security
  • dynamikdynamik Banned Posts: 12,314 ■■■■■■■■□□
    Do you just want to create a folder with their name or would you like to do something like folder redirection, where you can setup that users my documents, desktop, etc. to point to a network location for centralized backup, management, etc.?
  • jbaellojbaello Member Posts: 1,192
    When I create a home folder using ADUC, I usually just go to "Profile Tab" from here I specify a UNC path something like this \\network_server_share\profile\jbaello under home folder Connect: I then specify a drive I usually use the same drive for all users.

    This automatically creates the folder for me, and assigns a full control access to the users folder, I also make sure that I have the following NTFS permission on "Profile" for everyone group - Read, List, & Execute, I will make sure that permissions is not propagated to sub folders, since it might cause issue with automatic permissions.

    I suggest reading more about folder redirection since it has given me problems, when I disabled it on GPO for some reason the settings sticked as a result some of the files under their profile like "application data" folder which is critical for client use was still being redirected, while the client machine thinks that application data resides on the local machine, which causes problems.
  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    mr2nut wrote:
    All I want is that when I create a new user in active directory, a folder for that new user is created with only permissions for themselves, creating on a Server shared, and also a mapped drive to it with no admin work needed.
    Use a GPO (the ADUC tab method is left over from Windows NT 4 and has been legacy since Windows 2000, but still works fine if you prefer that - depends on scale) to set a home drive for the users to \\server\share$\ and it will automatically append the username. To have it create the folder automatically (without needing to pre-populate it) you need to setup the file/share permissions as follows:

    Share Permissions
    Authenticated Users = Full Control

    NTFS Permissions
    *Administrators = Full Control = This folder, subfolders and files
    *SYSTEM = Full Control = This folder, subfolders and files
    CREATOR OWNER = Modify = Subfolders and files only
    Users = Advanced (Transverse Folder, Create Folders) = This folder only

    *These are optional.
  • james12345james12345 Member Posts: 1 ■□□□□□□□□□
  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    dynamik wrote:
    Do you just want to create a folder with their name or would you like to do something like folder redirection, where you can setup that users my documents, desktop, etc. to point to a network location for centralized backup, management, etc.?

    Exactly the first bit mate, folder with their name.
    Then follow the steps in my post, it will do exactly what you want and will require zero administrative effort after the initial setup.
  • slenpreeslenpree Member Posts: 3 ■□□□□□□□□□
    the way I do this is...

    * create the first user account and set the home directory using the %USERNAME% variable.
    for example: \\file-server01\users$\%USERNAME%

    * write a batch file which takes a %UN% parameter and then creates the relevant directory: \\file-server01\users$\%UN% and then uses the CACLS command to set the relevant persmissions.

    * when using the batch file, make sure %UN% matches the %USERNAME% of the just created account then create each new account using the AD Copy Context Item or use dsadd in the batch file.

    Regards,
    Jonathan
    Studying: 70-648 (MCSA -> Server 2008 Upgrade); CCNA
Sign In or Register to comment.