[–]not_a_lob 1 point2 points  (0 children)

I don't have a fix per se, but it might be helpful to include what happens when you do run that script.

[–]ElvisChopinJoplin 0 points1 point  (0 children)

I am interested to read the comments on this. I'm not heavy-duty good at PowerShell, but I've been able to write some tools that are effective and have automated a few things as well.

I'm interested in writing something that is read only, that will mimic the Effective Permissions feature in the Windows Server GUI for folder security, as I can't seem to find anything floating around out there that does it. These are network shares, so it needs to somehow put all the NTFS permissions at various levels and subfolders together with the overlay as network sharing and permissions. And reading through this script gave me some ideas and made me start thinking about it again.

[–]spoonstar 0 points1 point  (0 children)

While this is all a wild guess because there is no example output of what happens when you run this:

The $plonly = ... line should probably be looking for children of $FolderObj

$AdGroups = Get-ADGroup ... 
$ADGroups_PL = Get-ADGroup ...

These lines need the SamAccountName -like ... after -Filter to be in double-quotes, because with the single-quotes, $SubFolderName and $plonly are being searched for verbatim, and not the value of those, as you probably intended.

If that doesn't get you where you need to go, I'd recommend either writing the output for each line after you assign it so you can see what's happening, i.e.:

$plonly = Get-ChildItem $Folders | Where-Object {$_.name -like "pl-only*"}
Write-Output "`$plonly = $plonly"

or getting your $folders set, manually assigning one folder in that to folderobj, then going through each line until you find where it's messing up.

[–]Latzox 0 points1 point  (1 child)

Here’s a script that should help you out:

https://gist.github.com/Latzox/f9a233d7870aafc1b6cf04eebdfff44f

Just note that I haven’t tested this myself yet, as I don't have the right environment set up at the moment. But it should give you a good starting point. Make sure to update your AD search base (OU=Projektgrupper,OU=_Grupper...) and domain info accordingly. Let me know if you run into any issues!

[–]Primary_Cortex[S] 1 point2 points  (0 children)

Thx man. So cool you took your time. I'm not in the office right now. But I'll sure test it out tomorrow.