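# Provisions one department in Active Directory and on disk.
#
# For the department typed in by the operator this script creates an OU, a
# group inside that OU, and - for every row of tblAccounts whose "Afdeling"
# column matches - a user account plus a personal folder under C:\Home with a
# restrictive ACL.
#
# Needs: rights to create objects under DC=Domain,DC=local, write access to
# C:\Home, and read access to C:\Scripting\gebruikers.mdb.

$Afdeling = Read-Host "Geef de afdeling in"

# The department name is concatenated into an LDAP distinguished name and into
# a file system path further down. Only letters, digits, spaces, '-' and '_'
# are accepted (and no leading/trailing space), so a typo such as a comma or a
# backslash cannot change which directory object or folder is touched.
$geldigeAfdeling = '^[\p{L}\p{N}]([\p{L}\p{N} _-]*[\p{L}\p{N}])?$'
while ($Afdeling -notmatch $geldigeAfdeling) {
    if ($Afdeling -ne "") {
        Write-Warning "De afdelingsnaam mag alleen letters, cijfers, spaties, '-' en '_' bevatten."
    }
    $Afdeling = Read-Host "Ingave van een afdeling is verplicht, als u wilt annuleren drukt u op Cancel."
}

# NOTE(review): the quota is asked for, but nothing below reads $Quotum, so no
# disk quota is applied by this script.
$Quotum = Read-Host "Geef een schijfquotum in, geef 0 in voor onbeperkt quotum"

$ouNaam    = "ou" + $Afdeling
$groepNaam = "grp" + $Afdeling

# Department folder. Absolute paths are used throughout instead of cd + md, so
# the result does not depend on the current location. The original wrapped md
# in an empty try/catch; an explicit existence test says what is meant.
$afdelingPad = Join-Path "C:\Home" $Afdeling
if (-not (Test-Path -Path $afdelingPad)) {
    New-Item -ItemType Directory -Path $afdelingPad | Out-Null
}

# Create the OU
$objAdsi   = [ADSI]"LDAP://DC=Domain, DC=local"
$objCreate = $objAdsi.Create("organizationalUnit", "ou=$ouNaam")
$objCreate.SetInfo()

# Create the group inside the OU
$objAdsi  = [ADSI]"LDAP://ou=$ouNaam, DC=Domain, DC=local"
$objGroup = $objAdsi.Create("Group", "CN=$groepNaam")
$objGroup.SetInfo()

# Characters that are special in a distinguished name or illegal in a folder
# name. Records whose names contain one of them are skipped, because the names
# are concatenated unescaped into "CN=..." and into the home folder path.
$verbodenTekens = '[\\/:*?"<>|,+;=#]'

$Connectie = New-Object -ComObject ADODB.Connection
$Recordset = New-Object -ComObject ADODB.Recordset
try {
    $Connectie.Open("Provider = Microsoft.Jet.OLEDB.4.0; Data Source = C:\Scripting\gebruikers.mdb")
    # 3, 3 = adOpenStatic cursor, adLockOptimistic lock
    $Recordset.Open("Select * from tblAccounts", $Connectie, 3, 3)

    # Testing EOF before touching the first row keeps an empty table from
    # failing; the original called MoveFirst() and read the fields first.
    while (-not $Recordset.EOF) {
        if ($Recordset.Fields.Item("Afdeling").Value -eq $Afdeling) {
            $naam     = $Recordset.Fields.Item("Naam").Value      # surname
            $voornaam = $Recordset.Fields.Item("Voornaam").Value  # first name

            if (($naam -match $verbodenTekens) -or ($voornaam -match $verbodenTekens)) {
                Write-Warning "Record '$naam $voornaam' overgeslagen: de naam bevat tekens die niet in een DN of mapnaam mogen voorkomen."
            }
            else {
                # One failing record is reported and skipped instead of leaving
                # the remaining statements to run against a half-made account.
                try {
                    # Create the user
                    $objCreate = $objAdsi.Create("user", "CN=" + $voornaam + " " + $naam)
                    $objCreate.Put("SAMACCOUNTNAME", $naam)
                    # givenName is the first name and sn the surname; the
                    # original had the two source columns swapped.
                    $objCreate.Put("Givenname", $voornaam)
                    $objCreate.Put("sn", $naam)
                    $objCreate.Put("mail", $Recordset.Fields.Item("E-Mail").Value)
                    $objCreate.Put("TelephoneNumber", $Recordset.Fields.Item("Telefoon").Value)
                    $objCreate.Put("userprincipalname", $naam + "@Domain.Local")
                    $objCreate.SetInfo()

                    # NOTE(review): the initial password equals the surname,
                    # which is also the sAMAccountName, so it is guessable for
                    # every new account until the first logon. Replace it with
                    # a per-user random value handed over out of band.
                    $objCreate.SetPassword($naam)

                    # Force a password change at first logon, and only then
                    # enable the account. The original enabled the account
                    # before any password had been set.
                    # NOTE(review): accounts created through ADSI usually keep
                    # the "password not required" bit in userAccountControl -
                    # confirm, and clear it if the domain policy must apply.
                    $objCreate.psbase.InvokeSet("pwdLastSet", 0)
                    $objCreate.psbase.InvokeSet('AccountDisabled', $false)
                    $objCreate.SetInfo()

                    # Add the user to the department group
                    $objGroup.psbase.Invoke("add", $objCreate.psbase.Path)

                    # Create the personal folder
                    $Pad = Join-Path $afdelingPad ($naam + ' ' + $voornaam)
                    if (-not (Test-Path -Path $Pad)) {
                        New-Item -ItemType Directory -Path $Pad -ErrorAction Stop | Out-Null
                    }

                    # Hidden marker file the user has no rights on, meant to
                    # keep the user from deleting the folder itself.
                    $markerPad = Join-Path $Pad "NoPerms.txt"
                    (New-Item -Path $markerPad -ItemType File -ErrorAction Stop).Attributes = "hidden"

                    # Folder ACL: drop inherited entries, then grant the
                    # administrator full control and the user Modify.
                    # (The original piped SetAccessRuleProtection() into
                    # Set-Acl; the method returns nothing, so that pipe did no
                    # work and is dropped. The Set-Acl below applies the ACL.)
                    $acl = Get-Acl -Path $Pad -ErrorAction Stop
                    $acl.SetAccessRuleProtection($true, $false)
                    $accessrule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
                        "DOMAIN\Administrator",
                        [System.Security.AccessControl.FileSystemRights]'FullControl',
                        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
                        [System.Security.AccessControl.PropagationFlags]'None',
                        [System.Security.AccessControl.AccessControlType]'Allow'
                    )
                    $acl.AddAccessRule($accessrule)
                    $accessrule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
                        ($naam + "@Domain.Local"),
                        [System.Security.AccessControl.FileSystemRights]'Modify',
                        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
                        [System.Security.AccessControl.PropagationFlags]'None',
                        [System.Security.AccessControl.AccessControlType]'Allow'
                    )
                    $acl.AddAccessRule($accessrule)
                    Set-Acl -AclObject $acl -Path $Pad -ErrorAction Stop

                    # Marker file ACL: no inheritance, administrator only.
                    $acltext = Get-Acl -Path $markerPad -ErrorAction Stop
                    $acltext.SetAccessRuleProtection($true, $false)
                    $accessruletext = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
                        "DOMAIN\Administrator",
                        [System.Security.AccessControl.FileSystemRights]'FullControl',
                        [System.Security.AccessControl.AccessControlType]'Allow'
                    )
                    $acltext.AddAccessRule($accessruletext)
                    Set-Acl -AclObject $acltext -Path $markerPad -ErrorAction Stop
                }
                catch {
                    Write-Warning ("Aanmaken van '$naam $voornaam' mislukt: " + $_.Exception.Message)
                }
            }
        }
        $Recordset.MoveNext()
    }
}
finally {
    # Close the database objects on every exit path (0 = adStateClosed).
    if ($Recordset.State -ne 0) { $Recordset.Close() }
    if ($Connectie.State -ne 0) { $Connectie.Close() }
}

# Create the shared "iedereen" (everyone) folder - disabled in the original.
# Note that the disabled code never calls Set-Acl with the finished ACL.
#cd C:\Home\$Afdeling
#md "iedereen"
#$acl = get-acl ("C:\Home\" + $Afdeling + "\iedereen")
#$acl.Setaccessruleprotection(1,0) | set-acl
#$accessrule = new-object system.security.accesscontrol.filesystemaccessrule("DOMAIN\Administrator", [System.Security.AccessControl.FileSystemRights]'FullControl', [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',[system.security.accesscontrol.PropagationFlags]'None', [System.Security.AccessControl.AccessControlType]'Allow')
#$acl = get-acl ("C:\Home\" + $Afdeling + "\iedereen")
#$acl.Setaccessruleprotection(1,0) | set-acl
#$accessrule = new-object system.security.accesscontrol.filesystemaccessrule($groepNaam, [System.Security.AccessControl.FileSystemRights]'Write', [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',[system.security.accesscontrol.PropagationFlags]'None', [System.Security.AccessControl.AccessControlType]'Allow')
#$acl.addaccessrule($accessrule)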