Bulk users and home folders - best practice?

[cheeseslice]

Hi,

I am setting up a new server 2008 r2 with windows 7 clients and I'm looking for a bit of advice on how best to bulk add students and teachers and assign them their home folders.

This is my first time setting up a 2008 r2 server and I'm getting a bit confused.

I have set up a shared folder d:\work$ and within this I have subfolders for students and staff which is then divided again into year groups e.g. d:\work$\students\2011\

I want to create the 200 users in ad, create a folder for each of them under 2011 folder, set up folder redirection and roaming profiles.

What is the best way to go about this? Should I be scripting everything, the adding users, creating folders and setting rights to the folders? or should I just be using a script to add the users to AD and using gpo to do everything else?

Thanks

[simpsonj]

You might find this useful... Mikey Magic's Web Site - Active User Manager

Folder redirection is/can be done purely through group policy, and folders for My Documents will be automatically made when you create the users in AD, as long as you set a Home Directory path.

I would advise setting up another share for profiles, and setting the profile path in AD for the users as well. A useful tip would be to use %USERNAME% when typing in the profile and home directory locations. For example, your 2011 students would have \\<servername>\work$\students\2011\%USERNAME% as their home directory and \\<servername>\profiles$\students\2011\%USERNAME% as their profile path.

There shouldn't be a need to script anything, but there is more than one way to skin a cat!

[cheeseslice]

thanks for the quick reply.

I'm having a look at the link you gave me now.

What permissions do I have to set on my share work$?

[simpsonj]

I would set the share permission to have Everyone with Full Control, but make sure the folders themselves only give the student in question and the Administrator access. But other people will have different ideas on security. I'm reasonable lax because I don't think the students here are malicious, others won't give students an inch.

[EduTech]

Morning,

Check out the tools from Wise Soft WiseSoft - Resources for IT Professionals

I've used them many of times before without fail! will do what you want without any issues.

Account Management Spreadsheet < That will create your user accounts and allow you to fill in information.
Bulk AD Users < That will help with bulk modifying the users attributes.

I hope that helps,

James.

[browolf]

you don't need a subfolder called 'students' that should be obvious.
For each year make a folder which the name is the year they started. for staff the folder is staff. share these folders

so you have

d:\userareas
\staff$
\2010$
\2009$
etc


no need to make it more complicated than it needs to be

[simpsonj]

Second the Wisesoft software, very handy (just make sure that you use it carefully, I have managed to mess up big style using the Bulk AD Users software...)

[cheeseslice]

you don't need a subfolder called 'students' that should be obvious.
For each year make a folder which the name is the year they started. for staff the folder is staff....

no need to make it more complicated than it needs to be

You are right, there is no need for me to do that, I'll change that now.

Am I right in saying that I don't have to stipulate a home folder if I am going to use a folder redirection gpo?

With folder redirection, will I have to make a policy for each intake year so that the redirection goes to the appropriate subfolder?

[simpsonj]

Personally I give them a home folder in AD and then redirect to the home folder, so that you don't need to do part 2 of your post and make a different GPO for each year (though you can set different redirections based on group membership if thats the route you want to take). I've found that Windows 7 was a bit grumpy about redirecting My Docs unless it was set to redirect Home Directory, but YMMV.

As a heads up, you might want to ensure that Libraries are dealt with in any way you see fit. The reason being is that if the Redirection fails, they will still have a My Documents, but it will be the C:\Users\Public\ My Docs, leading kids to save onto C: and thus it won't be there when they log back in. I use a mandatory profile to get around this issue, but if you're using individual profiles you might want to look into an alternative...

[plexer]

If you have a staff folder and a student folder then you only need to make 2 shares i.e staff$ and student$ whereas if you just use year of entry folders 2010, 2011 etc... you will have more shares.

There is a MS document on technet regarding default permissions.

You can use tools such as dsadd or csvde to create the accounts.

Don't bother with trying to use the $username$ substitution if trying out dsadd it doesn't work.

Once they are created you can do a bulk modify on the home folder attribute and change it to \\server\student$\2011\%username% or whatever path matches in your environment and it will automatically create the home folders for you.

Ben

[simpsonj]

My own personal concern with creating one share and putting every user under that one share is that shares have been known to fail (or they have for me), and the more people rely on that share, the more of a pain it can be. I have every student having their own hidden share, which for many is OTT, but when the share fails (for whatever reason) only one student is afffected, not the entire year or all students... But again, that's completely personal

[teejay]

You are right, there is no need for me to do that, I'll change that now.

Am I right in saying that I don't have to stipulate a home folder if I am going to use a folder redirection gpo?

With folder redirection, will I have to make a policy for each intake year so that the redirection goes to the appropriate subfolder?

You can use an advanced redirection policy to do it by group membership which is probably the easiest way. No need for home folders, very NT4 ;-)

[teejay]

My own personal concern with creating one share and putting every user under that one share is that shares have been known to fail (or they have for me), and the more people rely on that share, the more of a pain it can be. I have every student having their own hidden share, which for many is OTT, but when the share fails (for whatever reason) only one student is afffected, not the entire year or all students... But again, that's completely personal

If you're getting shares fail on a regular basis then you have some serious problems with your network infrastructure.

[cheeseslice]

You can use an advanced redirection policy to do it by group membership which is probably the easiest way. No need for home folders, very NT4 ;-)

Do you use roaming profiles as well? I'm trying to work out if they are worthwhile or not in a school environment. I have been asked to create a group policy that locks down as much as possible. Though I think that it is nearly impossible to do this without some sort of third party software.

[plexer]

Do you use roaming profiles as well? I'm trying to work out if they are worthwhile or not in a school environment. I have been asked to create a group policy that locks down as much as possible. Though I think that it is nearly impossible to do this without some sort of third party software.

You can lock down your clients very tightly using just GPO and GPP no need for 3rd party tools.

Ben