-
Notifications
You must be signed in to change notification settings - Fork 0
Get GROUPAcl
oliwex edited this page Dec 6, 2021
·
1 revision
function Get-GROUPAcl {
Param(
[Parameter(Mandatory = $true)]
[alias("GROUP_ACL", "GroupAccessControlList")]
[String] $groupPath
)
$path = "AD:\" + $groupPath
$acls = (Get-Acl -Path $path).Access | Select-Object ActiveDirectoryRights,AccessControlType,IdentityReference,InheritanceType,InheritanceFlags,PropagationFlags
$info = (Get-ACL -Path $path | Select-Object Owner, Group, 'AreAccessRulesProtected', 'AreAuditRulesProtected', 'AreAccessRulesCanonical', 'AreAuditRulesCanonical')
[PSCustomObject] @{
'DN' = $groupPath
'Owner' = $info.Owner
'Group' = $info.Group
'Are Access Rules Protected' = $info.'AreAccessRulesProtected'
'Are AuditRules Protected' = $info.'AreAuditRulesProtected'
'Are Access Rules Canonical' = $info.'AreAccessRulesCanonical'
'Are Audit Rules Canonical' = $info.'AreAuditRulesCanonical'
'ACLs' = $acls
}
}
- Type - private
- Input - distinguished name of group
- Output - PSCustomObject with information about group ACL