Category Archives: Powershell

PowerShell – Change homedirectory permissions in bulk.

Recently I was asked to change the homedirectory permissions for >4000 users from Full Control, to ready only.

I’ve used below powershell commands to achieve this.

Firstly we need to get all SamAccountName’s in a .csv list. (Change the searchbase).

Get-ADUser -Filter * -SearchBase "OU=www,DC=iterrors,DC=com" | Where { $_.Enabled -eq $True} | select SamAccountName | export-csv c:\temp\iterrors.com

Afer we created the .csv file we need to run below script, this will query all users for their homedirectory path and change the permissions.

Import-Module 'ActiveDirectory'
import-csv c:\temp\iterrors.csv | foreach-object{
$homeDrive = (Get-ADUser -Identity $_.SamAccountName -Properties homedirectory).homedirectory #Query AD for the HomeDrive attribute
$user = (Get-ADUser -Identity $_.SamAccountName -Properties SamAccountName).SamAccountName #Query AD for the SamAccountName attribute
$ACL = Get-Acl $homeDrive
$ACL.setAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($_.SamAccountName, "ReadAndExecute", "ContainerInherit,ObjectInherit", "none", "allow")))
Write-Host "Changing permissions on $homeDrive for user $user" -ForegroundColor Magenta
Set-Acl $homeDrive $ACL
}

Sharepoint Online – Add members and owners via PowerShell

To add members and owners to a SharePoint Online TeamSite you have the below commands avaiable:

Note that if you need to make someone Owner of the Teamsite, the user first needs to be member! And then you make the user Owner.

#Get Credentials
$credObject = Get-Credential

#Connect to Exchange Online
$ExchOnlineSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $credObject -Authentication Basic -AllowRedirection

Import-PSSession $ExchOnlineSession

#Get Groupnames
Get-UnifiedGroup

#Check for current members
Get-UnifiedGroupLinks –Identity "groupname" –LinkType Members

#Check for current owners
Get-UnifiedGroupLinks –Identity "groupname" –LinkType Owners

#Add user as member
Add-UnifiedGroupLinks –Identity "groupname" –LinkType Members –Links info@iterrors.com

#Add user as owner (first make the user ‘member’)!!
Add-UnifiedGroupLinks –Identity "groupname" –LinkType Owner –Links info@iterrors.com

#Remove user as member
Remove-UnifiedGroupLinks –Identity "groupname" –LinkType Members –Links info@iterrors.com -Confirm:$false

#Remove user as Owner (Don’t forget to also remove the Members entry).
Remove-UnifiedGroupLinks –Identity "groupname" –LinkType Owners –Links info@iterrors.com -Confirm:$false

#Extra option, turn off the Welcome Message.
Set-UnifiedGroup "groupname" -UnifiedGroupWelcomeMessageEnabled:$false