+ Reply to Thread
Results 1 to 13 of 13
  1. Senior Member
    Join Date
    Feb 2008
    Location
    West Yorkshire, UK
    Posts
    269

    Certifications
    A+, N+, 70-270, 70-290, 70-291, 70-293, 70-294, 70-298. MCSE 2003! 70-620
    #1

    Default Automatic user folder on Server for new AD users

    I have set up my documents redirection in the past for users through GPOs, but i'm looking for a way to automatically create folders for new users on the Server share.

    Does this get done through a GPO or does it require a logon script using the %username% command somehow? I simply want to be able to copy current AD users and when they first log in, it creates their own folder on \\Server01\Users Shared Folder\'Userfoldername' with only them permitted into the folder.
    Reply With Quote Quote  

  2. SS -->
  3. Occasional Member dave0212's Avatar
    Join Date
    Nov 2007
    Location
    UK
    Posts
    283

    Certifications
    A few..... here are the highlights - CISSP, SSCP, CISA, CSTA, CSTP, CWSA, C|EH. and a bucket load of vendor specific certifications
    #2
    Easiest way is to create a template and add the Profile Path \\Server01\Users Shared Folder\%username% and then copy this when creating new users and when the user logs on this should create the folder for them

    Hope this helps
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Feb 2008
    Location
    West Yorkshire, UK
    Posts
    269

    Certifications
    A+, N+, 70-270, 70-290, 70-291, 70-293, 70-294, 70-298. MCSE 2003! 70-620
    #3
    Quote Originally Posted by dave0212
    Easiest way is to create a template and add the Profile Path \\Server01\Users Shared Folder\%username% and then copy this when creating new users and when the user logs on this should create the folder for them

    Hope this helps
    Would this not just put their documents and settings folder straight on the Server though, or will this simply create a blank folder that they can write to?
    Reply With Quote Quote  

  5. Occasional Member dave0212's Avatar
    Join Date
    Nov 2007
    Location
    UK
    Posts
    283

    Certifications
    A few..... here are the highlights - CISSP, SSCP, CISA, CSTA, CSTP, CWSA, C|EH. and a bucket load of vendor specific certifications
    #4
    Yes its effectively creating a roaming profile, if you want just a user folder creating then I think the logon script would be the way to go.
    Reply With Quote Quote  

  6. Drops by now and again astorrs's Avatar
    Join Date
    May 2008
    Location
    Vancouver, Canada
    Posts
    3,141

    Certifications
    I have numerous certs from VMware, Citrix, Microsoft, EMC, Nimble Storage, Palo Alto Networks and more...
    #5
    Just for clarification, are you wanting to map a home drive for the users on the server and have it be automatically created (without needed to specify the path for each user) or are you trying to use folder redirection on My Documents or something else?
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    Feb 2008
    Location
    West Yorkshire, UK
    Posts
    269

    Certifications
    A+, N+, 70-270, 70-290, 70-291, 70-293, 70-294, 70-298. MCSE 2003! 70-620
    #6
    All I want is that when I create a new user in active directory, a folder for that new user is created with only permissions for themselves, creating on a Server shared, and also a mapped drive to it with no admin work needed.
    Reply With Quote Quote  

  8. ROFL-Copter pilot snadam's Avatar
    Join Date
    Dec 2006
    Location
    AZ
    Posts
    2,235

    Certifications
    JNCIP-SEC, JNCIS-SEC, JNCIA-JunOS, CCNA, CCENT, MCSE 2003, MCSA 2003, MCP, Network+, Security+
    #7
    Quote Originally Posted by mr2nut
    All I want is that when I create a new user in active directory, a folder for that new user is created with only permissions for themselves, creating on a Server shared, and also a mapped drive to it with no admin work needed.
    Well if you want to have a "home" folder centrally located on a server, then you can do this under the users properties window in the 'Profile' tab in ADUC. You just specify the drive letter and network path of the folder of your choice. Ensuring proper permissions can be done manually or its a script thing.

    EDIT: Which BTW, all this should be possible in a single script; but dont quote me on that.
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #8
    Do you just want to create a folder with their name or would you like to do something like folder redirection, where you can setup that users my documents, desktop, etc. to point to a network location for centralized backup, management, etc.?
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    Jul 2007
    Posts
    1,198
    #9
    When I create a home folder using ADUC, I usually just go to "Profile Tab" from here I specify a UNC path something like this \\network_server_share\profile\jbaello under home folder Connect: I then specify a drive I usually use the same drive for all users.

    This automatically creates the folder for me, and assigns a full control access to the users folder, I also make sure that I have the following NTFS permission on "Profile" for everyone group - Read, List, & Execute, I will make sure that permissions is not propagated to sub folders, since it might cause issue with automatic permissions.

    I suggest reading more about folder redirection since it has given me problems, when I disabled it on GPO for some reason the settings sticked as a result some of the files under their profile like "application data" folder which is critical for client use was still being redirected, while the client machine thinks that application data resides on the local machine, which causes problems.
    Reply With Quote Quote  

  11. Drops by now and again astorrs's Avatar
    Join Date
    May 2008
    Location
    Vancouver, Canada
    Posts
    3,141

    Certifications
    I have numerous certs from VMware, Citrix, Microsoft, EMC, Nimble Storage, Palo Alto Networks and more...
    #10
    Quote Originally Posted by mr2nut
    All I want is that when I create a new user in active directory, a folder for that new user is created with only permissions for themselves, creating on a Server shared, and also a mapped drive to it with no admin work needed.
    Use a GPO (the ADUC tab method is left over from Windows NT 4 and has been legacy since Windows 2000, but still works fine if you prefer that - depends on scale) to set a home drive for the users to \\server\share$\ and it will automatically append the username. To have it create the folder automatically (without needing to pre-populate it) you need to setup the file/share permissions as follows:

    Share Permissions
    Authenticated Users = Full Control

    NTFS Permissions
    *Administrators = Full Control = This folder, subfolders and files
    *SYSTEM = Full Control = This folder, subfolders and files
    CREATOR OWNER = Modify = Subfolders and files only
    Users = Advanced (Transverse Folder, Create Folders) = This folder only

    *These are optional.
    Reply With Quote Quote  

  12. Junior Member
    Join Date
    Mar 2006
    Posts
    1
    #11
    bump
    Reply With Quote Quote  

  13. Drops by now and again astorrs's Avatar
    Join Date
    May 2008
    Location
    Vancouver, Canada
    Posts
    3,141

    Certifications
    I have numerous certs from VMware, Citrix, Microsoft, EMC, Nimble Storage, Palo Alto Networks and more...
    #12
    Quote Originally Posted by Lukebrynycz
    Quote Originally Posted by dynamik
    Do you just want to create a folder with their name or would you like to do something like folder redirection, where you can setup that users my documents, desktop, etc. to point to a network location for centralized backup, management, etc.?
    Exactly the first bit mate, folder with their name.
    Then follow the steps in my post, it will do exactly what you want and will require zero administrative effort after the initial setup.
    Reply With Quote Quote  

  14. Junior Member
    Join Date
    Nov 2008
    Location
    Milton Keynes, United Kingdom
    Posts
    3

    Certifications
    Network+, MCDST, MCSA 2003
    #13
    the way I do this is...

    * create the first user account and set the home directory using the %USERNAME% variable.
    for example: \\file-server01\users$\%USERNAME%

    * write a batch file which takes a %UN% parameter and then creates the relevant directory: \\file-server01\users$\%UN% and then uses the CACLS command to set the relevant persmissions.

    * when using the batch file, make sure %UN% matches the %USERNAME% of the just created account then create each new account using the AD Copy Context Item or use dsadd in the batch file.

    Regards,
    Jonathan
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks