Rabbi Bob: Created page with "=Purpose= We utilize AD Security Groups as the ACL mechanism for shared folders and sometimes someone wants a report of who has access to what or it's good to look at sometime..."

2019-11-18T18:29:00Z

Created page with "=Purpose= We utilize AD Security Groups as the ACL mechanism for shared folders and sometimes someone wants a report of who has access to what or it's good to look at sometime..."

New page

=Purpose=
We utilize AD Security Groups as the ACL mechanism for shared folders and sometimes someone wants a report of who has access to what or it's good to look at sometimes. This script reads the top level folders from the designated $PATH and grabs the ACL list, then asks AD for members of the SecGrp. Output to text.

==To Do==
* This was a hackjob.

=Code=
<pre>
$PATH="E:\SHARES\"
$DOMAIN="YOURDOMAIN\" #Ex: YOURDOMAIN\
#######################
#$date = get-date -Format d
$OUTPUT="ACL.txt"
write-host $OUTPUT
Remove-Item $output
$FOLDERS=Get-ChildItem -path $PATH -Directory

foreach ($FOLDER in $FOLDERS)
{
$FULLPATH=$PATH + $FOLDER

write-host $FULLPATH
Add-Content "$OUTPUT" ""
Add-Content "$OUTPUT" "_____________________________"
Add-Content "$OUTPUT" ""
Add-Content "$OUTPUT" "$FULLPATH"
$ACL_ACCESS=(Get-Acl -Path $FULLPATH).Access.IdentityReference
foreach ($ACL in $ACL_ACCESS)
{
if ($ACL -like '*FILEACCESS_*') #looking for specific AD SecGrps prefixes
{
#write-host "$ACL"
$ACL=$ACL -replace "$DOMAIN\",""
Add-Content "$OUTPUT" "$ACL"
#write-host $ACL
$ACCESS=Get-ADGroupMember -Identity "$ACL" -Recursive | Select-Object -ExpandProperty Name
foreach ($MEMBER in $ACCESS)
{
Add-Content "$OUTPUT" "$MEMBER"
}
}
}

}

</pre>

[[Category:Powershell]]
[[Category:Weblog-2019-11]]

Powershell: Folders ACL Parser - Revision history

Rabbi Bob: Created page with "=Purpose= We utilize AD Security Groups as the ACL mechanism for shared folders and sometimes someone wants a report of who has access to what or it's good to look at sometime..."