Automating SMB share creation for every logged-in Active Directory user

I’m trying to find a way to configure TrueNAS Scale to achieve the following workflow in an Active Directory (AD) domain environment. Any advice or best practices would be greatly appreciated!

Current Setup:

  • TrueNAS Scale (24.10) is successfully joined to our AD domain.

What I want to achieve:

  1. Automated home directory and corresponding SMB share creation
    * Automatically create a private home directory (e.g., /mnt/pool/home/%USERNAME%) for each domain user upon their first login.
    * Ensure only the owning user has read/write access to their home directory (other domain users should not have access).

  2. User-Controlled sharing of subdirectories
    * Allow domain users to share specific subdirectories within their home directories (e.g., /mnt/pool/home/user1/Projects/Project_X) with other domain users/groups for collaboration.
    * Users should be able to manage permissions (read/write) for these shared subdirectories themselves, without administrator intervention.

Example Scenario:

  • Domain user John has a home directory: /mnt/pool/home/john.
  • John creates a subdirectory Shared_Reports and wants to grant read/write access to Alice (another AD user) and read-only access to the Sales AD group.
  • John should be able to set these permissions directly via Windows Explorer (e.g., Security tab) or fsmgmt.msc, and Alice/Sales should only see Shared_Reports when browsing the share.

Hi and welcome to the forums.

Have you tried using the SMB share preset ‘Private SMB Datasets and Shares’?

The second part of your question is going to be the trickier one. Personally, the idea of letting end users manage their own permissions fills me with dread.

What I would do is separate the two things: 1. Private 2. Shared. Have a private area where users have their own home-like directory, and then, second, create another dataset (or more) where data is shared, and assign users to AD groups and AD groups as permissions.