powershell active-directory group-policy

I need to replace the path to a mapped network drive at a scheduled time. How do I do it?


I need to replace a mapped network drive for a handful of users at the same time.

I need to make the switch because of a migration to a new server.

Old: \\server1\path
New: \\server2\path

The drive letter and anything else will remain the same.

I need to have this occur at or around a specific time this Friday. Any suggestions that would rely on the user's stored credentials and not me knowing their password?

I wanted to use Group Policy, but this is not guaranteed to be accurate in timing. I can't have users using the new server before it's up or using the old server when it's been shut down.

A scheduled task would work, and pushing it through Group Policy would be great, but then how do I replace the mapped drive for each user on their profile without needing their login info?

This should work:

New-PSDrive -Name $Name -PSProvider FileSystem -Root $NetworkPath -Description $Description -Persist

But I need to run it as the user or at least against the user's profile, but I don't want to use their passwords to accomplish this.

There has to be a way for an Admin to do this.

Edit: I created a GP to add the drive using the old server and added a second one to add the drive using the new server and disabled it. I'm the only one in the group for testing. I've also adjusted the Default Domain Policy to refresh policy instantly. I am getting it to work when I force policy. But only when I force policy. This just seems too slow.


Solution

  • Not strictly a code question, no, but I would suggest the following:

    • New scheduled task created via a User GPO. By default, it'll fill in %LogonDomain%\%LogonUser% for the account running the scheduled task and Run only when user is logged on, so any action it executes will run under the user context.
    • Task trigger should be At logon and for Members of specified group (add the users to a group in advance). Set the Activate and Expire parameters to the appropriate dates. Expire should be set to a long enough interval that your target users will have logged in - a few days/a week/whatever. You can leave it forever, but this kind of GPO you want to clean up eventually, no doubt.
    • Or, if you don't want the task to happen at next logon during the active interval, you can set the trigger to run once at a specific datetime, but be aware they need to be logged on for it to just execute. Best to enable the setting Run task as soon as possible if a scheduled start is missed in that case.
    • Then the task action should be to run the remapping script, which should contain appropriate checks for whether the drive for the logged-on user still needs to be remapped (since the script may have already run once), obviously using the appropriate environment variables to capture the username, etc., if required. Since it's running under the user context already, you shouldn't need to explicitly present username/password to map the drive (assuming it's an SMB share and it's the logged-on user credential accessing it).
    • The remapping script should be located somewhere in the Netlogon share on the DCs, so it's accessible to all that need it.

    That's all off the top of my head, so the detail may be the fun part, but hopefully the outline helps. You were on the right track, essentially.
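
A sketch of the remapping script the answer outlines, added here as an example and not part of the original answer. The drive letter `S`, the description and the helper name `Test-SameUncPath` are assumptions; the UNC paths are the question's placeholders.

```powershell
# Remap script for the scheduled task; runs as the logged-on user, so no password is handled.
# Assumptions: drive letter S and the description. UNC roots are the question's placeholders.
$DriveLetter = 'S'
$OldRoot     = '\\server1\path'
$NewRoot     = '\\server2\path'
$Description = 'Shared drive'

function Test-SameUncPath {   # hypothetical helper name
    param([string]$Left, [string]$Right)
    # Case-insensitive comparison that ignores a trailing backslash.
    if ([string]::IsNullOrEmpty($Left) -or [string]::IsNullOrEmpty($Right)) { return $false }
    return $Left.TrimEnd('\') -ieq $Right.TrimEnd('\')
}

$current     = Get-PSDrive -Name $DriveLetter -PSProvider FileSystem -ErrorAction SilentlyContinue
$currentRoot = if ($current) { $current.DisplayRoot } else { $null }

# Already remapped on an earlier run: nothing to do.
if (Test-SameUncPath $currentRoot $NewRoot) { return }

# Letter is used by something other than the old share: leave it alone.
if ($current -and -not (Test-SameUncPath $currentRoot $OldRoot)) {
    Write-Warning "${DriveLetter}: maps to '$currentRoot', not the old share; skipping."
    return
}

# Do not cut over until the new share answers with this user's own credentials.
if (-not (Test-Path -LiteralPath $NewRoot)) {
    Write-Warning "New share '$NewRoot' is not reachable; keeping the current mapping."
    return
}

if ($current) {
    # Drop the old mapping and its persistent entry in the user's profile.
    & net.exe use "${DriveLetter}:" /delete /y | Out-Null
    Remove-PSDrive -Name $DriveLetter -Force -ErrorAction SilentlyContinue
}

# -Scope Global is needed for -Persist to outlive the script's scope.
New-PSDrive -Name $DriveLetter -PSProvider FileSystem -Root $NewRoot `
    -Description $Description -Persist -Scope Global | Out-Null
```

If a Group Policy Preferences drive map still targets the old path, it will re-apply on the next policy refresh, so switch that item at the cutover as well.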