I got stucked when creating my script. It checks whether the user exists, and if they don't have home directory, it should create one. However I need help with an ACL section.

My goal is that the principal of the newly created folder will be the user. And I also like to assign FileSystemAccessRule to the user, so they will have provided desired privileges.

I am enclosing code and output.

$user = Read-Host "user's domain login"
if($user -ne $Null){
    $user = Get-ADUser -Filter { Name -like $user }
    $sac = $user.SamAccountName
}

$domain = Get-ADDomain
$path = "C:\vcgdysrnas03\users\$user"

If(!(Test-Path $path)) {
    New-Item -ItemType Directory -Force -Path $path -ea Stop
}

Set-ADUser -Identity $sac -HomeDirectory $path -HomeDrive C -ea Stop


$acl = $null
$acl = Get-Acl -Path $path
$acl.SetOwner([System.Security.Principal.NTAccount]"$user")


$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$domain\$sac", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")

$acl.SetAccessRule($rule)
Set-Acl -Path $path -AclObject $acl | fl

One error relates to setting owner of folder,

$acl.SetOwner([System.Security.Principal.NTAccount]"$user")

Second is referring to to the user and domain (I've tried several combinations but with no avail).

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$domain\$sac", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")