One of our customers was having issues with backups of users' home directories on their Active Directory and file servers.

We designed a PowerShell script to remedy the issue. The script looks through a selected Organizational Unit and verifies that each user's home directory exists and has the appropriate NTFS permissions.

In this case all users had Full permissions on their home folder, which let some users reset permissions and remove entries they did not want (Backup or Admin accounts) from their “private” folders.

This script resets the targeted users' permissions to Modify.

#	User Home Directory Permissions - jocha.se 2013-01-15
#
#	Creates a HomeDirectory for users who are missing one.
#	Verifies they have Modify permissions, if they have Full it replaces with Modify.

# Loading modules
Import-Module ActiveDirectory

$DC = "DC01.DOMAIN.LOCAL"
$OU = "OU=Users,DC=DOMAIN,DC=LOCAL"

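# Only HomeDirectory is needed, so request that property instead of all of them.
$Content = (Get-ADUser -Server $DC -Filter * -Properties HomeDirectory -SearchBase $OU | Select-Object SamAccountName, HomeDirectory)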

FOREACH ($ID in $Content) {
    $User = $ID.SamAccountName
    $Folder = $ID.HomeDirectory
    # Users without a value for HomeDirectory are skipped.
    If ($Folder) { 
        # If the HomeDirectory does not exist it is created.
        If ((Test-Path $Folder) -ne $true) {
            New-Item -ItemType directory -Path $Folder
            icacls $Folder /grant $User`:`(OI`)`(CI`)M
            }
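        # Checking if user has Full permissions on their folder.
        # icacls prints inheritance flags before the right, e.g. user:(OI)(CI)(F),
        # so allow any flags between the colon and (F).
        $Icacls = icacls $Folder 
        $Match = "*" + $User + ":*(F)*"
        $IcaclsResult = $Icacls -like $Match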
        If ($IcaclsResult) {
            Write-Host $User " HomeDirectory has incorrect permissions. Resetting..."
            icacls $Folder /remove:g $User
            icacls $Folder /grant $User`:`(OI`)`(CI`)M
        }
    }    
}

Let me know if anything is not working for you and I’ll do my best to help you out.
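
A read-only audit to run before or after the reset, as an added example that is not part of the original script. It reads the ACL with Get-Acl and compares SIDs instead of matching icacls text, and reports users who can still edit their folder's ACL as well as folders where a required account has lost its entry. The `$Required` list is an assumption and `DOMAIN\svc-backup` is a hypothetical name; replace both with the accounts your backups actually use.

```powershell
# Added example (not from the original post): read-only audit, modifies nothing.
Import-Module ActiveDirectory

$DC = "DC01.DOMAIN.LOCAL"                 # placeholders from the script above
$OU = "OU=Users,DC=DOMAIN,DC=LOCAL"
# Assumption: accounts that must keep access; DOMAIN\svc-backup is hypothetical.
$Required = "BUILTIN\Administrators", "DOMAIN\svc-backup"

$SidType = [System.Security.Principal.SecurityIdentifier]
# Rights that let a user rewrite the ACL; both are part of Full control.
$AclEdit = [System.Security.AccessControl.FileSystemRights]"ChangePermissions, TakeOwnership"

# Resolve the required names to SIDs once, so matching does not depend on name formatting.
$RequiredSids = @{}
foreach ($Name in $Required) {
    $RequiredSids[$Name] = ([System.Security.Principal.NTAccount]$Name).Translate($SidType).Value
}

function New-Finding($User, $Folder, $Text) {
    [pscustomobject]@{ User = $User; Folder = $Folder; Finding = $Text }
}

$Report = foreach ($ID in Get-ADUser -Server $DC -Filter * -Properties HomeDirectory -SearchBase $OU) {
    $User = $ID.SamAccountName
    $Folder = $ID.HomeDirectory
    if (-not $Folder) { continue }
    if (-not (Test-Path -LiteralPath $Folder)) {
        New-Finding $User $Folder "Home directory does not exist"
        continue
    }
    # Explicit and inherited Allow entries, with identities returned as SIDs.
    $Rules = (Get-Acl -LiteralPath $Folder).GetAccessRules($true, $true, $SidType) |
        Where-Object { $_.AccessControlType -eq "Allow" }

    $CanEdit = $Rules | Where-Object {
        $_.IdentityReference.Value -eq $ID.SID.Value -and
        ([int]$_.FileSystemRights -band [int]$AclEdit) -ne 0
    }
    if ($CanEdit) { New-Finding $User $Folder "User can change permissions or take ownership" }

    foreach ($Name in $Required) {
        if (-not ($Rules | Where-Object { $_.IdentityReference.Value -eq $RequiredSids[$Name] })) {
            New-Finding $User $Folder "No Allow entry for $Name"
        }
    }
}
$Report | Sort-Object User, Finding | Format-Table -AutoSize
```

The check looks only at entries naming the account itself, so access that arrives through group membership is not counted, and entries stored as generic rights (GENERIC_ALL) are not flagged.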