You could use a batch script written with CPAU. This tool is basically like "runas" except that there is an option to pass the password for a privileged account in an "encoded" form (i.e. difficult to read, but not encrypted.)
The script would sit in the root of the share and the Helpdesk would have to run the script with a parameter such as "username". The CPAU tool would run the folder creation in an elevated context (maybe a local login with modify permissions on the HomeDirs folder).
And so on. It requires a little bit of thought to line up your ducks with this.
The CIFS/Samba implementation in FreeNAS is excellent, we have several FreeNAS boxes and VMs going in an Active Directory environment, using AD for permissions on the shares. It's also extremely easy to set up and configure.
Once we've set up the FreeNAS box and enabled the CIFS/Samba service, we add the following to the 'Auxiliary Parameters' box in the CIFS service settings:
client use spnego = yes
winbind enum groups = no
winbind enum users = no
winbind separator = +
winbind use default domain = yes
wide links = no
Some of this may be unnecessary, but make sure to keep the 'wide links = no' in there as it mitigates a potential Samba directory traversal vulnerability.
You can then create your shares. To set permissions via AD, we would add the following line to the 'Auxiliary Parameters' box for each individual share with the groups and/or users we want to have access to the share:
Valid Users = @OURDOMAIN+Somegroup @OURDOMAIN+'Some Other Group' OURDOMAIN+someuser OURDOMAIN+someotheruser
Note the groups preceded by '@', everything is separated by spaces, and groups or users with a space in their name are single-quoted.
FreeNAS installs and runs on FreeBSD rather than Linux, which allows it to include things like ZFS, but if you're determined to use Linux, OpenFiler is the Linux-based version of the same project.
If you do want to roll your own rather than use one of these distros (though they will simplify things for you immensely), you also might want to look into Likewise as an alternative to Samba for getting your box on the AD domain.
EDIT: Wow, sounds like you've got a lot of shares to migrate -- you may be able to script the addition of new shares, but be careful -- the smb.conf file gets overwritten from the /conf/config.xml file in FreeNAS each time the system restarts. You might be able to create the xml share definitions from your sharenum output to then paste into config.xml, using an example share you make as the template, but these get their own uuid from FreeNAS so I'm not sure how that will work -- I suggest experimenting after install and before you migrate.
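An added example, not part of the answer above and not FreeNAS or Samba code: a Python check over smb.conf-style text that reports shares where 'wide links' is not explicitly 'no' or where no 'valid users' restriction applies, and splits a 'valid users' value using the quoting rules described above. The sample configuration and the share names in it are constructed, and treating an unset 'wide links' as a finding is an assumption of this example.

```python
import shlex

# Constructed sample in smb.conf form; the share names are made up.
SAMPLE_CONF = """
[global]
winbind separator = +
wide links = no

[projects]
valid users = @OURDOMAIN+Somegroup @OURDOMAIN+'Some Other Group' OURDOMAIN+someuser

[scratch]
wide links = yes
"""

def parse_conf(text):
    """Return {section: {param: value}}; names lowercased, inner spaces collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def split_principals(value):
    """Split a 'valid users' value into (groups, users), honouring single quotes."""
    names = shlex.split(value)
    groups = [n[1:] for n in names if n.startswith("@")]
    users = [n for n in names if not n.startswith("@")]
    return groups, users

def audit(text):
    """List (share, finding) pairs; a share setting overrides the [global] one."""
    conf = parse_conf(text)
    glob = conf.pop("global", {})
    findings = []
    for name, share in conf.items():
        wide = share.get("wide links", glob.get("wide links", "unset")).lower()
        if wide not in ("no", "false", "0"):
            findings.append((name, "wide links = " + wide))
        if not share.get("valid users", glob.get("valid users", "")).strip():
            findings.append((name, "no valid users restriction"))
    return findings
```

Running audit() on the text of the generated smb.conf after a restart shows whether the auxiliary parameters survived the rewrite from /conf/config.xml.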
Best Answer
Assuming you're running this on Windows Server 2003 or newer you'll have both the TAKEOWN and ICACLS commands. I'm also assuming that the top-level folder permission is set sanely (i.e. "Authenticated Users - List Folder Contents - This folder only", proper "Administrator" permissions if you like them being able to get into user folders, etc).
That'll take ownership, clean up all the permissions and restore inheritance, add the user w/ Full Control rights to the directory, and then optionally give back ownership if you un-rem the last line.
My condolences for having to deal with users sharing files between each other out of home directories. That's a real pain.