Bilal Habib

Reputation: 97

Need help on how to loop through a script

I have some code which I want to run. It is a PowerShell script which creates network shares, assigns permissions, adds permissions to security groups and adds a user to that group. I have built the code and tested it, and it works; however, I now need to loop it for a list of users in a CSV with a variable called samAccountName.

Added a simple for loop, which I have not tried just yet; I have no test environment.

Import-Csv "C:\Users\bhabib\makeshares.csv" | ForEach-Object {
    # Per-user OU and the two security groups that carry the share permissions
    New-ADOrganizationalUnit -Name $_."samAccountName" -Path "OU=user,DC=domain,DC=com,DC=com"
    New-ADGroup -Name "Write_share_$($_."samAccountName")" -GroupCategory Security -GroupScope Domain -DisplayName "Write_Share_$($_."samAccountName")" -Path "OU=$($_."samAccountName"),OU=user,OU=blabla,DC=domain,Dc=domain,DC=com"
    New-ADGroup -Name "Read_share_$($_."samAccountName")" -GroupCategory Security -GroupScope Domain -DisplayName "Read_Share_$($_."samAccountName")" -Path "OU=$($_."samAccountName"),OU=user,OU=blabla,DC=domain,DC=domain,DC=com"
    # Folder and SMB share; share-level access is granted to the two groups
    New-Item -Path "D:\Shares\$($_."samAccountName")\MyDocuments" -ItemType "directory" -Force
    $securitygroupwrite = "Write_share_$($_."samAccountName")"
    $securitygroupread = "Read_share_$($_."samAccountName")"
    New-SMBShare -Name $_."samAccountName" -Path "D:\Shares\$($_."samAccountName")\MyDocuments" -FullAccess "Administrators" -ChangeAccess $securitygroupwrite -ReadAccess $securitygroupread
    # Put the user into both groups
    Add-ADPrincipalGroupMembership -Identity $_."samAccountName" -MemberOf "Write_share_$($_."samAccountName")"
    Add-ADPrincipalGroupMembership -Identity $_."samAccountName" -MemberOf "Read_share_$($_."samAccountName")"
    # NTFS permissions on the folder, inherited by subfolders and files
    $acl = Get-Acl "D:\Shares\$($_."samAccountName")\MyDocuments"
    $AccessRuleWrite = New-Object System.Security.AccessControl.FileSystemAccessRule("UPN\Write_share_$($_."samAccountName")","FullControl","ContainerInherit, ObjectInherit", "None","Allow")
    $AccessRuleExecute = New-Object System.Security.AccessControl.FileSystemAccessRule("UPN\Read_share_$($_."samAccountName")","ReadAndExecute","ContainerInherit, ObjectInherit", "None","Allow")
    $AccessRuleRead = New-Object System.Security.AccessControl.FileSystemAccessRule("UPN\Read_share_$($_."samAccountName")","Read","ContainerInherit, ObjectInherit", "None","Allow")
    # SetAccessRule replaces any existing allow rule for the same identity,
    # so the Read rule below is superseded by the ReadAndExecute rule set after it
    $acl.SetAccessRule($AccessRuleWrite)
    $acl.SetAccessRule($AccessRuleRead)
    $acl.SetAccessRule($AccessRuleExecute)
    $acl | Set-Acl
    $acl = Get-Acl "D:\Shares\$($_."samAccountName")\MyDocuments"
}

Upvotes: 0

Views: 71

Answers (1)

Jakobii

Reputation: 616

You should always have a test environment. Active Directory is a pain to restore through snapshots. I really recommend you build a test environment. It's not hard and you won't be sorry.

However, it does look like your for loop is set up correctly. You don't need to have quotes around the samAccountName variable, but it doesn't hurt either.

Your script would probably be more stable if you explicitly list the domain controller with the -Server parameter.

You can use the -WhatIf parameter to aid in the testing process.

Upvotes: 1
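
The loop with the answer's two suggestions applied (-Server and -WhatIf), plus validation of each CSV value before it is placed in a DN or a path. This is an added example, not code from the question or the answer; the function name New-UserShare, dc01.example.com, the base OU, the DomainLocal scope and the sample CSV are assumptions, and the ACL steps are left out.

```powershell
# Added example, not the asker's code. Names marked "placeholder" are assumptions.
function New-UserShare {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $CsvPath,
        [Parameter(Mandatory)] [string] $Server,    # domain controller to target
        [Parameter(Mandatory)] [string] $BaseOu,    # parent OU for the per-user OUs
        [string] $ShareRoot = 'D:\Shares'
    )
    $ErrorActionPreference = 'Stop'   # abort on the first failed step
    # Hand the caller's -WhatIf to every cmdlet explicitly; module cmdlets
    # do not reliably inherit $WhatIfPreference from the calling scope.
    $dryRun = @{ WhatIf = [bool]$WhatIfPreference }
    $ad     = @{ Server = $Server }

    foreach ($row in Import-Csv -Path $CsvPath) {
        $sam = "$($row.samAccountName)".Trim()
        # The value is placed inside a DN and a file system path, so accept only
        # a conservative character set: no ',', '=', '\', '/' and no '..'.
        if ($sam -notmatch '^[A-Za-z0-9][A-Za-z0-9._-]{0,19}$' -or $sam -match '\.\.') {
            Write-Warning "Skipping invalid samAccountName '$sam'"
            continue
        }
        # Read-only lookup: skip rows whose account cannot be resolved.
        try { $null = Get-ADUser -Identity $sam @ad }
        catch { Write-Warning "Skipping '$sam': lookup failed on $Server"; continue }

        $write  = "Write_share_$sam"
        $read   = "Read_share_$sam"
        $folder = Join-Path $ShareRoot "$sam\MyDocuments"

        New-ADOrganizationalUnit -Name $sam -Path $BaseOu @ad @dryRun
        foreach ($group in $write, $read) {
            # DomainLocal is an assumed scope for resource permission groups.
            New-ADGroup -Name $group -DisplayName $group -GroupCategory Security `
                -GroupScope DomainLocal -Path "OU=$sam,$BaseOu" @ad @dryRun
        }
        New-Item -Path $folder -ItemType Directory -Force @dryRun | Out-Null
        New-SmbShare -Name $sam -Path $folder -FullAccess 'Administrators' `
            -ChangeAccess $write -ReadAccess $read @dryRun | Out-Null
        Add-ADPrincipalGroupMembership -Identity $sam -MemberOf $write, $read @ad @dryRun
    }
}

# Constructed sample input; the second row is rejected by the validation.
$csv = Join-Path $env:TEMP 'makeshares-sample.csv'
'samAccountName', 'jdoe', '..\jdoe' | Set-Content -Path $csv
# Dry run against a placeholder DC and OU: prints "What if:" lines, changes nothing.
New-UserShare -CsvPath $csv -Server 'dc01.example.com' -BaseOu 'OU=user,DC=example,DC=com' -WhatIf
```

Dropping -WhatIf from the last line performs the changes, so run the dry run first and review its output.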
