Create Home Folder Script & Schedule Task

Hi, I need some help with scripting in ARS.  I have a powershell script that works when run, but I'm trying to created a scheduled task in ARS, that creates a users home folder on a server based on the users extensionAttribute1 (cost center).  If the account was created in the last 1 day, the script should run and create the users home folder.

Here is my script and it is failing at the first -filter.  I don't really know the proper scripting in Quest/One Identity so any help would be greatly appreciated.  This does work successfully in Powershell. Thanks

$date = ((Get-Date).AddDays(-3)).Date
$newUsers = Get-QADUser -filter {whenCreated -ge $date} -properties samaccountname,extensionAttribute1,employeeID,enabled

foreach ($user in $newUsers){
$empID = ""
$cc = ""
$samAccountName = ""
$enabled = ""
$empID = $user.employeeID
$cc = $user.extensionAttribute1
$samAccountName = $user.samAccountName
$enabled = $user.enabled
$userPath = "\\juno\ctstorage\$cc\Users\$samAccountName"
if (!(Test-Path ($userPath)) -and (Test-Path("\\juno\ctstorage\$cc\Users")) -and ($enabled) -and ($cc -ne "") -and ($empID -ne "00000") -and ($empID -ne "99999") -and ($emp -ne "CONSULT")){
MKDIR "$userPath"

$rule=New-Object System.Security.AccessControl.FileSystemAccessRule ("ssc\$samAccountName","Modify",”ContainerInherit,ObjectInherit”,"None","Allow")
$acl = Get-Acl $userPath
$acl.SetAccessRule($rule)
Set-Acl -path $userPath -AclObject $acl
}

}

  • Hi Sarah

    The Get-QADUser commandlet unfortunately does not include the Filter or Properties parameters.

    Below is an updated Get-QADUser command, using the CreateAfter and IncludedProperties parameters (you may also want to include the DontUseDefaultIncludedProperties parameter to reduce the size of the record return, and also the Proxy command, if you need to retrieve a Virtual Attribute from Active Roles) Also you could include the Enabled or Disabled parameters to also reduce the number of records return

    $newUsers = Get-QADUser -CreatedAfter $date -IncludedProperties samAccountName,extensionAttribute1,employeeID

    So would end up with something along the lines of:

    $date = ((Get-Date).AddDays(-3)).Date
    $newUsers = Get-QADUser -CreatedAfter $date -IncludedProperties samAccountName,extensionAttribute1,employeeID -DontUseDefaultIncludedProperties -Enabled
    
    
    foreach ($user in $newUsers)
    {
        $empID = ""
        $cc = ""
        $samAccountName = ""
        $enabled = ""
        $empID = $user.employeeID
        $cc = $user.extensionAttribute1
        $samAccountName = $user.samAccountName
        $userPath = "\\juno\ctstorage\$cc\Users\$samAccountName"
    
        if (!(Test-Path ($userPath)) -and (Test-Path("\\juno\ctstorage\$cc\Users")) -and ($cc -ne "") -and ($empID -ne "00000") -and ($empID -ne "99999") -and ($emp -ne "CONSULT"))
        {
            MKDIR "$userPath"
    
            $rule=New-Object System.Security.AccessControl.FileSystemAccessRule ("ssc\$samAccountName","Modify",ā€¯ContainerInherit,ObjectInheritā€¯,"None","Allow")
            $acl = Get-Acl $userPath
            $acl.SetAccessRule($rule)
            Set-Acl -path $userPath -AclObject $acl
        }
    }

    Hope this helps