Provision a Home Directory for new Accounts

UPDATED 1/26/2016

The workflow below is made possible by an installed custom workflow activity, which you can obtain via one of the following options:

  1. The MIMWAL (Custom Workflow Activity Library)
  2. By contacting a Microsoft Business Support Specialist
  3. Other third-party custom workflow activities (I have not tested this script with all available custom workflow activities, so it is strongly recommended that you test)
  4. You could create one using Visual Studio; the following blog may be useful in explaining how to accomplish this: "How to: Create a Custom Activity Library"


The workflow below will only work when the target Domain Controller is Server 2008 R2 or earlier. I have updated this workflow to work with a target Domain Controller running Server 2012 R2; that version can be found at "(WAL) - Workflow Example - Create Home Directory".

Below is a PowerShell workflow and script that can be used to create and attach a home directory for a new user that was recently created in AD. The PowerShell script is attached to a PowerShell workflow that is triggered after the user account has been created in AD. This can be achieved by setting the MPR to trigger the workflow when the Object SID is updated for a user in the FIM Portal. Since the Object SID should never change and comes from AD, its presence is a good indicator that the user account does exist in AD. You may also wish to add a function that tells the PowerShell script which DC to run against. Finally, it is important that the FIMService account has the necessary permissions in AD.

In the workflow below you can set values for parameters to pass to the PowerShell script. In this example I pass variables that set the home directory path and the drive letter on the user account.


## Passes variables from the workflow
## Comment out the Param line for manual testing
Param($SamName,$HomeDir,$DriveLet)

if (-not (Get-Module -Name ActiveDirectory))
{
    Import-Module ActiveDirectory
}

## Set variables
# NetBIOSName (rather than Name) is the "DOMAIN" part the file system ACL resolves as DOMAIN\user
$Domain = $(Get-ADDomain).NetBIOSName
$DomainDNS = $(Get-ADDomain).DNSRoot

## Uncomment for manual testing
#$SamName = "amarsiglia"
#$HomeDir = "\\Portal\home\"+$SamName
#$DriveLet = "H"
###

if ($HomeDir)
{
    # Create the home directory
    mkdir $HomeDir

    # Assign access rights: the user gets Full Control, inherited by subfolders and files
    $account = $Domain+"\"+$SamName
    $rights = [System.Security.AccessControl.FileSystemRights]::FullControl
    $inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"
    $propagation = [System.Security.AccessControl.PropagationFlags]::None
    $allowdeny = [System.Security.AccessControl.AccessControlType]::Allow
    $dirACE = New-Object System.Security.AccessControl.FileSystemAccessRule ($account,$rights,$inheritance,$propagation,$allowdeny)
    $dirACL = Get-Acl $HomeDir
    $dirACL.AddAccessRule($dirACE)
    Set-Acl $HomeDir $dirACL

    # Assign AD attributes; homeDrive must be of the form "H:", so a bare letter is normalised
    $homeDrive = $DriveLet.TrimEnd(':') + ':'
    Set-ADUser -Identity $SamName -Replace @{homeDirectory=$HomeDir;homeDrive=$homeDrive} -Confirm:$false
}
Return "Success"
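The script above trusts whatever the workflow hands it: the path is used as given, the user is assumed to exist, and the folder inherits whatever ACL the share root carries. The following is an added, hardened variant written for this page; it is not the original post's script or a MIMWAL component. It takes a share root instead of a finished path, rejects a sAMAccountName that could escape that root, confirms the account on a pinned DC (the `-Server` parameter the text suggests adding), creates the folder idempotently, and replaces inherited permissions with an explicit ACL keyed on the user's SID rather than a DOMAIN\user string. The parameter names `$ShareRoot` and `$Server`, the example values, and the chosen ACL policy (SYSTEM and Administrators Full Control, the user Modify) are assumptions for illustration.

```powershell
# Added hardened example (not from the original post). $ShareRoot, $Server and
# the ACL policy below are assumptions made for illustration.
Param(
    [Parameter(Mandatory=$true)][string]$SamName,
    [Parameter(Mandatory=$true)][string]$ShareRoot,   # assumed, e.g. "\\fileserver\home"
    [Parameter(Mandatory=$true)][string]$DriveLet,    # e.g. "H" or "H:"
    [string]$Server                                    # optional DC to pin, e.g. "dc01.contoso.com"
)

Import-Module ActiveDirectory -ErrorAction Stop

# 1. Validate the sAMAccountName before it is used in a path or an ACL. The
#    whitelist is deliberately narrow: it excludes "\", "/" and ".." so a
#    malformed value cannot escape the share root.
if ($SamName -notmatch '^[A-Za-z0-9][A-Za-z0-9._-]{0,19}$') {
    return "Failure: rejected sAMAccountName '$SamName'"
}

# 2. Build the path and confirm the normalised result is still under the share root.
$rootFull = [System.IO.Path]::GetFullPath($ShareRoot).TrimEnd('\') + '\'
$homeFull = [System.IO.Path]::GetFullPath((Join-Path $ShareRoot $SamName))
if (-not $homeFull.StartsWith($rootFull, [System.StringComparison]::OrdinalIgnoreCase)) {
    return "Failure: '$homeFull' is outside '$ShareRoot'"
}

# 3. Confirm the account exists, on the pinned DC if one was given, and take its SID.
$adParams = @{ Identity = $SamName; ErrorAction = 'Stop' }
if ($Server) { $adParams.Server = $Server }
try {
    $user = Get-ADUser @adParams
} catch {
    return "Failure: account '$SamName' not found in AD: $($_.Exception.Message)"
}

try {
    # 4. Create the directory only if it is missing, so a re-run of the workflow is harmless.
    if (-not (Test-Path -LiteralPath $homeFull)) {
        New-Item -ItemType Directory -Path $homeFull -ErrorAction Stop | Out-Null
    }

    # 5. Replace whatever the share root passed down with an explicit ACL:
    #    SYSTEM and Administrators get Full Control, the user gets Modify
    #    (enough to work in the folder, not enough to grant others access).
    $acl = Get-Acl -LiteralPath $homeFull
    $acl.SetAccessRuleProtection($true, $false)          # stop inheriting, drop inherited ACEs
    foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($ace)                # clear any explicit leftovers
    }
    $flags = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit'
    $prop  = [System.Security.AccessControl.PropagationFlags]::None
    foreach ($admin in @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')) {
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
            $admin, [System.Security.AccessControl.FileSystemRights]::FullControl, $flags, $prop, 'Allow')))
    }
    # The SID is used instead of "DOMAIN\user" so no name lookup can resolve to the wrong principal.
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $user.SID, [System.Security.AccessControl.FileSystemRights]::Modify, $flags, $prop, 'Allow')))
    Set-Acl -LiteralPath $homeFull -AclObject $acl

    # 6. Only after the folder is in place, write the attributes against the same DC.
    $drive = $DriveLet.TrimEnd(':') + ':'                # AD expects the form "H:"
    $setParams = @{ Identity = $user; Replace = @{ homeDirectory = $homeFull; homeDrive = $drive }
                    Confirm = $false; ErrorAction = 'Stop' }
    if ($Server) { $setParams.Server = $Server }
    Set-ADUser @setParams
} catch {
    return "Failure: $($_.Exception.Message)"
}
return "Success"
```

Every early exit returns a string beginning with "Failure:" rather than throwing, so the calling workflow activity can branch on the result the same way it does on "Success". The AD attributes are written last on purpose: if folder creation or the ACL write fails, the account is left without a homeDirectory value rather than pointing at a folder that does not exist or is wrongly permissioned.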

## https://blogs.msdn.com/connector_space ##