So What Brought This On?

Well we are in the process of adding a new SAN to our network at one of our locations.  The path to the roaming profile folders will need to change as a result of this.  However, we only need to make this change for a group of users at a specific location and whose roaming profile is currently pointing to the old server.

PowerShell to the Rescue!

Whenever I get the chance to write a PowerShell script, I get sorta excited about it.  Since we are still on Windows XP SP3 over here, I don’t get the chance to do a lot of cool stuff and all of our servers are not yet running Windows Server 2008 (even though we are getting there).

So I decided to write a handy script that will automate this process for me.  There are a few things to be aware of when running this script.
I ran into an issue when I attempted to run the script from a Domain Controller.  I was getting the message Set-ADUser : Insufficient access rights to perform the operation.  There must be some type of security setting or something that disallows this Active Directory editing locally.

So I tried pointing it to a server running Windows Server 2003 by using the -Server parameter but got the following message: Unable to contact the server.  This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.  This would be because it’s a Windows 2003 Server Domain Controller (duh).

So I pointed it to another domain controller running Windows Server 2008 and it worked just fine.

The Script

<#

.SYNOPSIS

Changes the roaming profile path of all Downtown user accounts in Active Directory to a new location.

.DESCRIPTION

Searches Active Directory for all users whos profiles reside on OLDNAS and changes their profile path to a share on NEWNAS

.EXAMPLE

PS C:\>Change-ProfilePath-for-Downtown-Users

#>

# Import the AD Module

Import-Module ActiveDirectory -ErrorAction SilentlyContinue

# Get credentials

$AdminCredentials = Get-Credential

# Get users from Active Directory

$Users = Get-ADUser -Filter {ProfilePath -like "\\OLDNAS\profiles*"} -Properties ProfilePath | Sort SamAccountName

# Loop through the users and change their profile paths

ForEach ($User in $Users ) {

Write-Host "Changing Profile for User:" $User .Name

$ProfilePath = "\\NEWNAS\PROFILES$\" + $User .SamAccountName

Set-ADUser $User -ProfilePath $ProfilePath -Credential $AdminCredentials -Server "lafayettedc2.citysecurities.local"

}