Question

以下是我必须为用户创建目录的代码。我想知道如果目录已经存在，如何跳过ACL部分。

#Search AD for Elem Students

$elem = Get-ADUser -Filter 'company -eq "1479"'
$path = "\\hs-ss\students\elem"
foreach ($user in $elem)
{
  $Username = $User.SamAccountName

  #Create user directory of Storage Server

  New-Item -Path $path -Name $Username -ItemType "directory" -Force | Out-Null
  $ACL = Get-Acl "$path\$Username"
  $ACL.SetAccessRuleProtection($true, $false)
  $ACL.Access | ForEach { [Void]$ACL.RemoveAccessRule($_) }
  $ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("$NTDomain\Domain     Admins", "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")))
  $ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("$NTDomain\$username", "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")))
  Set-Acl "$Path\$username" $ACL
}

Answer 1

检查目录是否存在：

if (-not (Test-Path -LiteralPath "$path\$Username" -Type Container)) {
  ...
}

如果目录存在，则跳过权限

1 个答案: