Channel: Windows PowerShell forum

Permissions from SET-ACL only show up in advanced settings?


I have a bit of a situation here: I have two file servers set up with DFS (FS02/FS03). Everything is replicating fine aside from my users' HOME directories. My boss and I had initially created a script which checks for new users in our domain and then creates them a directory.

At some point this broke and now FS02 and FS03 have differing files. I'll have to deal with that later; it's not the end of the world.

Here is the issue at hand: DFS can't replicate anything in the home folder. I checked the permissions for some of these users, one being, say, Tim. I right-click on Tim's folder and check security properties. All the permissions are blank on this screen (for SYSTEM, Local Admin, Domain Admin and Domain\TIM).

When I click the Advanced tab they show up. DFS isn't giving me any errors; I must assume this is permission based, as everything else is replicating fine. Here is my script, any issues?

######## USER CONFIGURABLE ########
# Who are the system admins?
$sysadmins = New-Object System.Security.Principal.NTAccount("Domain\Domain Admins")
# What is the file server's root folder?
$fileroot = "D:\DFSRoot\Home\"
###################################

#Root OU
(
[string]$OU = ""
)
#LDAP Filter
$strFilter = "(&(objectCategory=User)(!(memberOf=CN=Internal Services,OU=Groups,OU=CompanyOU,DC=company,DC=local)))"
$objDomain = New-Object DirectoryServices.DirectoryEntry($OU)
$objSearcher = New-Object DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.Filter = $strFilter

$adobj= $objSearcher.FindAll()

#Write-Host "Users in $OU"
foreach ($person in $adobj)
{
   $prop=$person.properties
   $userpath= "$fileroot\$($prop.samaccountname)"
   if ((test-path $userpath -pathType container) -ne $True) {
       Write-host "Setting up $userpath for $($prop.samaccountname)"
       new-item $userpath -itemtype directory
       # Let's kill inheritable permissions
       $Acl = Get-Acl $userpath
       $Acl.SetAccessRuleProtection($true,$true)
       Set-Acl $userpath -aclobject $Acl
       $Acl = Get-Acl $userpath
       # Clean the slate!
       $Acl.Access | %{$Acl.RemoveAccessRule($_)}
       # Add SYSTEM user
       $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
       $Acl.SetAccessRule($Ar)
       # Add CREATOR OWNER
       $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("CREATOR OWNER","FullControl","Allow")
       $Acl.SetAccessRule($Ar)
       # Add this user to their folder
       $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("$($prop.samaccountname)","FullControl","Allow")
       $Acl.SetAccessRule($Ar)
       # Add domain admins
       $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule($sysadmins,"FullControl","Allow")
       $Acl.AddAccessRule($Ar)
       Set-Acl $userpath $Acl
   }
   else {
       # Only here for debugging.
       write-host "$($prop.samaccountname)'s directory exists!"
   }
}
Write-host "`nTotal: $($adobj.count)"  
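
The rules in the script above are built with the three-argument FileSystemAccessRule constructor, which sets InheritanceFlags and PropagationFlags to None, so each entry applies to "This folder only". The following is an added example, not part of the original post: it builds ACLs in memory to compare that constructor with the five-argument form and lists the entries that do not inherit. The helper name Find-FolderOnlyAce and the BUILTIN\Users SID are choices made for this example.

```powershell
# Added example. ACLs are built in memory; nothing on disk is read or changed.
# S-1-5-32-545 (BUILTIN\Users) is a stand-in identity chosen for this example.
$identity = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-545')
$sidType  = [System.Security.Principal.SecurityIdentifier]
$ruleType = 'System.Security.AccessControl.FileSystemAccessRule'

# Hypothetical helper: return explicit ACEs that apply to the folder itself only,
# i.e. entries that subfolders and files will not inherit.
function Find-FolderOnlyAce {
    param([Parameter(Mandatory)][System.Security.AccessControl.DirectorySecurity]$Acl)
    foreach ($ace in $Acl.GetAccessRules($true, $false, $sidType)) {
        if ($ace.InheritanceFlags -eq [System.Security.AccessControl.InheritanceFlags]::None) {
            [pscustomobject]@{
                Identity    = $ace.IdentityReference.Value
                Rights      = $ace.FileSystemRights
                Inheritance = $ace.InheritanceFlags
                Propagation = $ace.PropagationFlags
            }
        }
    }
}

# Three-argument constructor, the form used in the script above.
$short = New-Object $ruleType -ArgumentList $identity, 'FullControl', 'Allow'

# Five-argument constructor: explicit inheritance to subfolders and files.
$full = New-Object $ruleType -ArgumentList $identity, 'FullControl',
    'ContainerInherit,ObjectInherit', 'None', 'Allow'

foreach ($case in @(@{ Name = '3-arg'; Rule = $short }, @{ Name = '5-arg'; Rule = $full })) {
    $acl = New-Object System.Security.AccessControl.DirectorySecurity
    $acl.SetAccessRuleProtection($true, $false)   # protected, no inherited entries kept
    $acl.AddAccessRule($case.Rule)
    $hits = @(Find-FolderOnlyAce -Acl $acl)
    '{0}: {1} folder-only ACE(s)' -f $case.Name, $hits.Count
    $hits | Format-List
}
```

To audit a folder on disk, pass the object returned by Get-Acl for that folder to the helper's -Acl parameter.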

