The script creates a folder for an AD group and grants the group full access permissions for the folder.
Parameter:
- $folderPath - Specifies a full path to the folder that will be created. You can use value references (e.g. %name%) in the path. They will be replaced with corresponding property values of the group object.
PowerShell
$folderPath = "\\Server\Share\%name%" # TODO: modify me
# Create folder
try
{
$folder = New-Item -Path $folderPath -ItemType Directory -ErrorAction Stop
}
catch
{
$Context.Cancel("An error occurred while creating a folder for the group. Error: " + $_.Exception.Message)
return
}
# Update folder permissions
$aclObj = Get-Acl $folder
# Grant Full Access permissions to the group
$groupSidBinary = $Context.TargetObject.Get("objectSid")
$groupSid = New-Object System.Security.Principal.SecurityIdentifier($groupSidBinary, 0)
$acl = New-Object System.Security.AccessControl.FileSystemAccessRule($groupSid, "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
$aclObj.AddAccessRule($acl)
# Update folder permissions
Set-Acl -path $folder $aclObj