Migrate Users Home Folder To A New File Server Using Powershell RRS feed

  • Question

  • Hello,

    I'm looking for a way to migrate employees home folder to a new server, transfer NTFS permissions, and update home folder location in AD. I stumbled across site that did just that using an Advanced powershell Function. However when I run the functions I get the following "cmdle at command pipeline position 1 supply values for the following parameters: username[0]:"

    Can someone please help me figure this out?



       Function Migrate-UsersToNewHomeFolder {
                [string[]] $UserName,

                [string]   $OldServer = 'Corpfile01',
                [string]   $NewServer = 'Corpfile03',
                [string]   $Domain    = 'contoso.com'


        BEGIN {}

        PROCESS {
            foreach ($name in $UserName) {
                if ([bool](Get-ADUser -Filter {samaccountname -eq $name} )) {
                    Get-ADUser $name | Set-ADUser -HomeDrive U: -HomeDirectory "\\$NewServer\mwstaff\$name"
                    robocopy "\\$OldServer\Users\$Name" "\\$NewServer\mwstaff\$Name" /mir /copy:datou /r:1 /w:10
                    sleep 2
                    Set-NTFSOwner -Path "\\$NewServer\mwstaff\$Name" -Account Administrators
                    sleep 2
                    Add-NTFSAccess -Path "\\$NewServer\mwstaff\$Name" -Account "$Domain\$name" -AccessRights FullControl -AccessType Allow -AppliesTo ThisFolderSubfoldersAndFiles


        END {}

    Your assistance with this is greatly appreciated.

    • Moved by Bill_Stewart Tuesday, April 14, 2020 4:33 PM This is not "fix/debug/rewrite my script for me" forum
    Thursday, August 22, 2019 4:53 PM

All replies

  • Try this script. This should help.


    SCCM Admin

    • Proposed as answer by Levi111 Thursday, August 22, 2019 5:38 PM
    Thursday, August 22, 2019 5:38 PM
  • hi gchan662

    4 remarks about your script :

     > Robocopy with parameter /DATOU : why this and not DATSOU (/MIR). Perhaps your current access rights are not correct, in this case, OK.

    > Add-NTFSAccess ... -AccessRights FullControl : Never, no Never give Full Control to a user ... unless you're looking for troubles. Modify Rights are enough. Why ? With Full Control Access Rights, users can take ownership on their HomeDir and do all they want.  Some funny guys, remove on their HomeDir System and all "AD Administrative Groups".  After that, no backup, no easy support by your Service Desk. Save your time. But I'm happy to see that you use the module NTFSSecurity (most powerful and useful PS Module for Admin tasks despite what some admins think).

    > Why $Domain in the input of your function ? Get-ADDomain cmdlet (module ActiveDirectory) retur easely this info. Save your time.

    > If ... user Found ... action, Else  ? Error, loging in a file ...

    And now concerning the error : "cmdlet at command pipeline position 1 supply values for the following parameters: username[0]:"

    It seems to be just a syntax error. The Param $UserName is just a [String]. Then the input can be like this "User1", "User2", "User3" or a variable resulting of a query like Get-content file.txt or Import-csv file.csv.

    Some personal remarks for your own safety.

    - Before any modification action, log the current situation. Always thinking about failback.

    - After any modification action, log the modify situation. Always prove what you did.

    What follows is not advertising, and I've not interest in it, but use EZLog for logging. It's easy to use, and very clean. See Sample in the Github page (EZLog)

    I hope this will be useful. Be brave, you're on the right way.


    Friday, August 23, 2019 6:38 AM
  • Mr. Frog sir. Thanks for taking the time to help a friend in need. 

    1. At the time DATOU made sense in terms of hitting all the requirements however DATSOU makes more sense. 

    2. I understand your concerns around NTFSAccess rights, FullControl is what users currently have this shop is extremely lenient when it comes to end user access. It's been brought up and an initiative to change it is in the works. We understand the risks and accept full responsibility. 

    3. $DOMAIN was copied from a script discovered online it seemed right but you bring up a good point Get-ADDomain is more efficient. 

    4. Not sure I understand your question. 

    5. Syntax error? Is there a way to correct the syntax? And are you saying the input is there by design and we would have to input every username? 

    Thanks in Advance!


    • Edited by gchan662 Tuesday, August 27, 2019 8:32 PM
    Tuesday, August 27, 2019 8:31 PM