From 5d6f617b8d60ebd351f9c386df7cd9730845a7d4 Mon Sep 17 00:00:00 2001
From: Karl-Wilfried Zimmer
Date: Sun, 14 Jul 2024 20:42:01 +0200
Subject: [PATCH] snap
---
 NewProject2.ps1 | 86 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)
 create mode 100644 NewProject2.ps1
diff --git a/NewProject2.ps1 b/NewProject2.ps1
new file mode 100644
index 0000000..c8ef2d5
--- /dev/null
+++ b/NewProject2.ps1
@@ -0,0 +1,86 @@
+[CmdletBinding()]
+param (
+ [string]
+ $ProjectName,
+ [string]
+ $Server
+)
+
+. .\Variables.ps1
+
+$ret=$null
+$acls=$null
+$rs=$null
+
+$projPath=$BaseDirectory+$ProjectName
+Write-Host $projPath
+$testFolder = Test-Path -Path $projPath -PathType Container
+
+if($testFolder){
+ throw "Directory already exists. Not creating Folder or Share"
+}
+
+if($PSBoundParameters.ContainsKey("ProjectName")){
+ if($PSBoundParameters.ContainsKey("Server")){
+ $ret = New-ADGroup -Path $Projects -Server $Server -Name $ProjectName -GroupCategory Security -GroupScope Global -PassThru
+ #$ret = Get-ADGroup $ProjectName -SearchBase $Projects -Server $Server
+ $acls = . .\AddProjectACL.ps1 -ProjectName $ProjectName -Server $Server
+ $rs = . .\AddProjectRoles.ps1 -ProjectName $ProjectName -Server $Server
+ #$ret | Add-ADGroupMember -Members $acl,$r
+ $acls | ForEach-Object {add-ADGroupMember -Identity $ret -Members $_ -Server $Server}
+ $rs | ForEach-Object {Add-ADGroupMember -Identity $ret -Members $_ -Server $Server}
+ } else {
+ $ret = New-ADGroup -Path $Projects -Name $ProjectName -GroupCategory Security -GroupScope Global -PassThru
+ #$ret = Get-ADGroup $ProjectName -SearchBase $Projects
+ $acls = . .\AddProjectACL.ps1 -ProjectName $ProjectName
+ $rs = . .\AddProjectRoles.ps1 -ProjectName $ProjectName
+ #$ret | Add-ADGroupMember -Members $acl,$r
+ $acls | ForEach-Object {Add-ADGroupMember -Identity $ret -Members $_}
+ $rs | ForEach-Object {Add-ADGroupMember -Identity $ret -Members $_}
+ }
+
+ if($PSBoundParameters.ContainsKey("Server")){
+ $target = $acls | Where-Object Name -Match ".*-RW"
+ $member = $rs | Where-Object Name -Match ".*-RW"
+ Add-ADGroupMember -Identity $target -Members $member -Server $Server
+ $target = $acls | Where-Object Name -Match ".*-RO"
+ $member = $rs | Where-Object Name -Match ".*-RO"
+ Add-ADGroupMember -Identity $target -Members $member -Server $Server
+ } else {
+ $target = $acls | Where-Object Name -Match ".*-RW"
+ $member = $rs | Where-Object Name -Match ".*-RW"
+ Add-ADGroupMember -Identity $target -Members $member
+ $target = $acls | Where-Object Name -Match ".*-RO"
+ $member = $rs | Where-Object Name -Match ".*-RO"
+ Add-ADGroupMember -Identity $target -Members $member
+ }
+
+
+ $folder = New-Item -Path $projPath -ItemType Directory
+
+ $ReadTarget = $acls | Where-Object Name -Match ".*-RO"
+ $WriteTarget = $acls | Where-Object Name -Match ".*-RW"
+ Write-Host $ReadTarget.Name
+ Write-Host $WriteTarget.Name
+
+ $FolderACL= Get-Acl -Path $folder
+
+ $rid = $ReadTarget.Name
+ $wid = $WriteTarget.Name
+ $fsrr = "Read"
+ $fsrr = "Write"
+ $type = "Allow"
+ $fsarar = $rid,$fsrr,$type
+ $fsaraw = $wid,$fsrw,$type
+
+ $fileSystemAccessRuleR = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList
+ $fileSystemAccessRuleW = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList
+
+ $FolderACL.SetAccessRule($fileSystemAccessRuleR)
+ $FolderACL.SetAccessRule($fileSystemAccessRuleW)
+
+ return $ret
+}
+
+throw "ProjectName parameter needs to be set"
+
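Review bot: The folder ACL block at the end of the script never takes effect: `$fsrr` is assigned twice so `$fsrw` stays unset, both `New-Object` calls pass the undefined `$fileSystemAccessRuleArgumentList` instead of `$fsarar`/`$fsaraw`, and the modified `$FolderACL` is never written back with `Set-Acl`. The new project directory therefore most likely keeps only what it inherits from `$BaseDirectory`, and wiring up the argument lists without fixing the variable name would hand `Write` to the read-only group. The excerpt below corrects those spots; whether a bare group name from `$ReadTarget.Name` resolves as an identity on the file server is not visible here and should be confirmed. Separately, `$ProjectName` is concatenated into `$projPath` before any check, so a `[ValidatePattern()]` on the parameter that rejects path separators and `..` would keep the folder under `$BaseDirectory`.

```powershell
# … unchanged: $rid / $wid / $fsrr = "Read" …
$fsrw = "Write"   # was a second assignment to $fsrr
# … unchanged: $type, $fsarar, $fsaraw …
$fileSystemAccessRuleR = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fsarar
$fileSystemAccessRuleW = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fsaraw
# … unchanged: the two SetAccessRule calls …
# Persist the modified descriptor; without this the rules exist only in memory.
Set-Acl -Path $folder.FullName -AclObject $FolderACL
```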