Filtering AD ACL Object to be excluded from the Get-ACL result?


    • #256391

      Hi Everyone,

      I need to exclude a certain pattern from the result of the script below, which exports the explicitly defined ACLs and is already working.

      Script:

      However, even with the above script RegEx filtering, the result is still the same?

      Also, in line #28, the OGV is not showing the unique directory, which is throwing an error:

      Thank you in advance,

    • #256520

      The filter can be done like so:

      This code:

      First, there is nowhere in the code provided that $BrokenACLDirectories is defined, so I would think there would be an error about op_addition when you attempt to append to it. If it is defined and you are appending with +=, it’s an array, not an object. The logic for InheritedFrom could use some work. Recommend you work on collecting information in the function so that you can filter what directories are ‘broken’ rather than doing too much analysis when collecting acls as it’s typically time consuming.

    • #256535

      When you crosspost, you should link that post at a minimum.

      https://stackoverflow.com/questions/63877519/unable-to-filter-acl-identityreference-to-exclude-certain-pattern/63878031?noredirect=1#comment112970414_63878031

      You already have 2 great answers there. If you’re unwilling to take the time to understand them, then please don’t try to get more people to waste their time. As per your screenshot, you are creating a custom identity reference. It’s no longer just the identity, you have added “CreateFile, AppendData, ReadAndExecute,” as well as “DeletedSubdirectoriesAndFiles, Modify,” to the identityreference property. For those that don’t have that added, I would assume a space is added since you are clearly tacking text onto the end of those. What I said in the comment on Theo’s answer is to use the regex match, but you must remove the $ from the exclusion variable as that indicates THE END OF THE LINE. Since the identity reference IS NOT THE END OF THE LINE, this will never match.

      Again, I’m specifically referring to

      $reExcludeObjects = '^({0})$' -f (($Excludes | ForEach-Object { [regex]::Escape($_) }) -join '|')

      Therefore, this here will never match

      However, if you change the line as I suggested, removing the $…

      And it doesn’t matter that you’ve added text onto this property. Even this will match

      So please, please, please take a few minutes to try the suggestion. Remove the end of line marker from the code, and hopefully you will have your desired result.
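
      The anchoring behaviour discussed in the reply above, as an added example that is not code from the thread. The exclusion values, the sample rows and the extra Identity column (the undecorated account name) are constructed assumptions, and Get-RemainingAce is a hypothetical helper.

```powershell
# Exclusion list: constructed values, the thread's own $Excludes is not shown on the page.
$Excludes = 'BUILTIN\Administrators', 'CONTOSO\svc-backup'

$alternation   = ($Excludes | ForEach-Object { [regex]::Escape($_) }) -join '|'
$reBothAnchors = '^({0})$' -f $alternation   # the line quoted in the reply
$reStartOnly   = '^({0})'  -f $alternation   # the same line with the trailing $ removed

# Constructed report rows. IdentityReference carries appended rights text, as the reply
# describes; Identity is a hypothetical column that keeps the account name on its own.
$rows = @(
    [pscustomobject]@{ Identity = 'BUILTIN\Administrators'
                       IdentityReference = 'BUILTIN\Administrators FullControl' }
    [pscustomobject]@{ Identity = 'CONTOSO\svc-backup'
                       IdentityReference = 'CONTOSO\svc-backup Modify' }
    [pscustomobject]@{ Identity = 'CONTOSO\jdoe'
                       IdentityReference = 'CONTOSO\jdoe Modify' }
    [pscustomobject]@{ Identity = 'CONTOSO\svc-backup-test'
                       IdentityReference = 'CONTOSO\svc-backup-test Modify' }
)

# Hypothetical helper: return the rows whose chosen property does NOT match the pattern.
function Get-RemainingAce {
    param([object[]]$Rows, [string]$Property, [string]$Pattern)
    $Rows | Where-Object { $_.$Property -notmatch $Pattern }
}

# Case 1: both anchors against the decorated string. The appended text means the
# value never ends where $ requires, so nothing is excluded.
$case1 = @(Get-RemainingAce -Rows $rows -Property IdentityReference -Pattern $reBothAnchors)

# Case 2: start anchor only against the decorated string. The excluded accounts drop
# out, but so does any account whose name merely begins with an excluded name.
$case2 = @(Get-RemainingAce -Rows $rows -Property IdentityReference -Pattern $reStartOnly)

# Case 3: both anchors against the undecorated name. Exact-match exclusion only.
$case3 = @(Get-RemainingAce -Rows $rows -Property Identity -Pattern $reBothAnchors)

'Both anchors, decorated text : {0}' -f ($case1.Identity -join ', ')
'Start anchor, decorated text : {0}' -f ($case2.Identity -join ', ')
'Both anchors, plain identity : {0}' -f ($case3.Identity -join ', ')
```

      Without the end anchor the pattern is a prefix match, so in an ACL audit it can silently hide an account whose name starts with an excluded one; filtering on the plain identity before any text is appended keeps the exclusion exact.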

    • #256688

      @Rob,

      Yes, I’m still confused and not sure what to do to gather all of those broken ACL directories into OGV or a .CSV file.

      Hence I need some help in the below code:

    • #256703

      The logic for InheritedFrom could use some work. Recommend you work on collecting information in the function so that you can filter what directories are ‘broken’ rather than doing too much analysis when collecting acls as it’s typically time-consuming.

      I will create another post topic or thread for the above.
