Assuming that we have confirmed the folder name (“Y”), we can create the folder and groups.

In organizations I manage, I like to name the AD Groups based on the NTFS Path. For example, a group giving access to finance in the “shared” share would be named “Shared.Finance,” then appended with an “R” for read only or “RW” for read/write (modify). I wish I could claim that as my idea, but it came from another engineer with whom I worked. I have employed it everywhere else I have worked.

We can flesh out our PowerShell code with comments and/or with “Output” commands. I like to use Output even if the resulting script will be run by a scheduler. If it is ever run interactively, it gives you a good progress indicator.

I also have an OU just for storing these groups, so you can also add that into the New-ADGroup command, if you wish.

Inside our “Else” block, we can add the following:

```powershell
Write-Output "Create AD Groups"
# Group names follow the NTFS path: Shared.<folder>.R / Shared.<folder>.RW
# $groupNameR (the read-only group name) must be set before this point.
$groupNameRW = "Shared.$newFolderName.RW"
# Domain Local groups, created in the OU reserved for NTFS permission groups
New-AdGroup $groupNameRW -samAccountName $groupNameRW -GroupScope DomainLocal -path "OU=NTFS Groups,DC=TR12R,DC=local"
New-AdGroup $groupNameR -samAccountName $groupNameR -GroupScope DomainLocal -path "OU=NTFS Groups,DC=TR12R,DC=local"
```

Next we can add the folder itself and remove inherited permissions:

```powershell
Write-Output "Add Folder."
New-Item $newFolderFull -ItemType Directory
```

If we run our code now, a new folder will be created, and inherited permissions will be converted into explicit permissions for the folder.
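One way to break inheritance on the new folder and tie the two groups to it, as an added example that is not code from the original post. The function name `Set-SharedFolderAcl`, the `ReadAndExecute`/`Modify` rights mapping, and the use of `TR12R` as the NetBIOS domain name are assumptions; `$newFolderFull`, `$groupNameR` and `$groupNameRW` are the variables used in the script above.

```powershell
# Added example (not from the original post).
function Set-SharedFolderAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ReadGroup,    # e.g. DOMAIN\Shared.Finance.R
        [Parameter(Mandatory)] [string] $ModifyGroup   # e.g. DOMAIN\Shared.Finance.RW
    )

    $acl = Get-Acl -LiteralPath $Path

    # First $true: stop inheriting from the parent folder.
    # Second $true: keep the currently inherited entries as explicit copies,
    # so existing access is not dropped when inheritance is cut.
    $acl.SetAccessRuleProtection($true, $true)

    # Apply each grant to this folder, its subfolders and its files.
    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $allow     = [System.Security.AccessControl.AccessControlType]::Allow

    $grants = @(
        @{ Identity = $ReadGroup;   Rights = 'ReadAndExecute' },
        @{ Identity = $ModifyGroup; Rights = 'Modify' }
    )
    foreach ($grant in $grants) {
        $rights = [System.Security.AccessControl.FileSystemRights]$grant.Rights
        # Throws IdentityNotMappedException if the group cannot be resolved,
        # which can happen until a newly created group has replicated to the
        # domain controller this machine is using.
        $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
            $grant.Identity, $rights, $inherit, $propagate, $allow)
        $acl.AddAccessRule($rule)
    }

    if ($PSCmdlet.ShouldProcess($Path, 'Disable inheritance and grant R/RW groups')) {
        Set-Acl -LiteralPath $Path -AclObject $acl
    }

    # Return the explicit entries now on the folder so the result can be reviewed.
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { -not $_.IsInherited } |
        Select-Object IdentityReference, FileSystemRights, InheritanceFlags
}

# Usage inside the "Else" block, after New-Item (domain name assumed to be TR12R):
# Set-SharedFolderAcl -Path $newFolderFull -ReadGroup "TR12R\$groupNameR" -ModifyGroup "TR12R\$groupNameRW"
```

Run it with `-WhatIf` first to confirm the target path; the returned list should show the copied parent entries plus the two group entries, all explicit.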