Powershell: Folders ACL Parser

From Rabbi Blog

Purpose

We use AD security groups as the ACL mechanism for shared folders, and sometimes someone wants a report of who has access to what, or it is simply worth reviewing now and then. This script reads the top-level folders under the designated $PATH, grabs each folder's ACL, then asks AD for the members of each security group (SecGrp) found there. Output goes to a text file.

To Do

  • This was a hackjob.

Code

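Import-Module ActiveDirectory  # provides Get-ADGroupMember (RSAT)

$PATH="E:\SHARES\"
$DOMAIN="YOURDOMAIN\" #Ex: YOURDOMAIN\
#######################
#$date = get-date -Format d
$OUTPUT="ACL.txt"
write-host $OUTPUT
# Start from a clean report; do not error if there is no previous file
Remove-Item $OUTPUT -ErrorAction SilentlyContinue
# Top-level folders only (no recursion)
$FOLDERS=Get-ChildItem -path $PATH -Directory

foreach ($FOLDER in $FOLDERS)
	{
	# Use FullName rather than relying on how the DirectoryInfo object converts to a string
	$FULLPATH=$FOLDER.FullName

	write-host $FULLPATH
	Add-Content "$OUTPUT" ""
	Add-Content "$OUTPUT" "_____________________________"
	Add-Content "$OUTPUT" ""
	Add-Content "$OUTPUT" "$FULLPATH"
	# Identities (users/groups) named in the folder's access control entries
	$ACL_ACCESS=(Get-Acl -Path $FULLPATH).Access.IdentityReference
	foreach ($ACL in $ACL_ACCESS)
		{
		if ($ACL -like '*FILEACCESS_*')  #looking for specific AD SecGrps prefixes
			{
			#write-host "$ACL"
			# Strip the domain prefix; escape it so the trailing "\" is matched literally
			$ACL=$ACL -replace ([regex]::Escape($DOMAIN)),""
			Add-Content "$OUTPUT" "$ACL"
			#write-host $ACL
			# Expand nested groups down to their members
			$ACCESS=Get-ADGroupMember -Identity "$ACL" -Recursive | Select-Object -ExpandProperty Name
			foreach ($MEMBER in $ACCESS)
				{
				Add-Content "$OUTPUT" "$MEMBER"
				}
			}
		}

	}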
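
The script above records only identities whose names contain FILEACCESS_, so direct user grants, other groups, Deny entries and the rights attached to each entry never reach the report. The following is an added example, not part of the original script: it writes one CSV row per folder, ACE and member, with rights and Allow/Deny, and marks ACEs that fall outside the naming convention. It assumes the ActiveDirectory module is installed; $SharePath, $GroupPrefix, $CsvOut and the file name ACL-report.csv are illustrative.

```powershell
# Added example, not the page's original code.
Import-Module ActiveDirectory

$SharePath   = "E:\SHARES\"       # same share root as the script above
$GroupPrefix = "FILEACCESS_"      # group naming convention used by the script above
$CsvOut      = "ACL-report.csv"   # illustrative output file name

$rows = foreach ($folder in Get-ChildItem -Path $SharePath -Directory) {
    foreach ($ace in (Get-Acl -Path $folder.FullName).Access) {
        $identity = $ace.IdentityReference.Value
        $name     = $identity.Split('\')[-1]        # drop the DOMAIN\ part, if any
        $managed  = $name -like "$GroupPrefix*"

        if ($managed) {
            # Expand the managed group to the accounts that actually hold the access
            try {
                $members = @(Get-ADGroupMember -Identity $name -Recursive |
                             Select-Object -ExpandProperty Name)
            } catch {
                $members = @()                      # group could not be resolved in AD
            }
            if ($members.Count -eq 0) { $members = @('(empty or unresolved)') }
        } else {
            # Direct user grant, built-in principal, or a group outside the convention
            $members = @($name)
        }

        foreach ($member in $members) {
            [pscustomobject]@{
                Folder    = $folder.FullName
                Identity  = $identity
                Member    = $member
                Rights    = $ace.FileSystemRights
                Type      = $ace.AccessControlType  # Allow or Deny
                Inherited = $ace.IsInherited
                Managed   = $managed
            }
        }
    }
}

$rows | Export-Csv -Path $CsvOut -NoTypeInformation

# Explicit (non-inherited) entries that bypass the FILEACCESS_ groups deserve a second look
$rows | Where-Object { -not $_.Managed -and -not $_.Inherited } |
    Format-Table Folder, Identity, Rights, Type -AutoSize
```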