Inventory OUs with ACL (Disable Inheritance)


    • #276411

      I’m trying to get a script working for giving me info about Inheritance Disabled at the ACL level (not whether GPOs are being blocked)

      I’ve been playing with two one-liners and feel I’m getting close but now the data is either incomplete or unintended.

      This works but is only giving GPO related info

      I see this (but again, it’s about GPOs)

      Am I barking up the wrong cmdlet?

    • #276420

      Does this work?

      • #276681

        Hi Rob, yes your code accurately captures Blocks at the GPO level….(thank you)

        …but I’d like to know if PowerShell can capture Inheritance on ACLs set on an OU.

        (Not sure how to upload a jpg)
        DSA.msc > right click on an OU > Properties > security > Advanced > I want to see wherever it says “Enable Inheritance”

        ..Also, your code made me realize one thing as well. If I go deeper in the subtrees, I’ll see a lot of Get-GPInheritance -eq “False”. If I want to winnow that to only “True” this is what I’ve tried:

        …I get no errors but I get no results either (and know they are there).

        • This reply was modified 1 month, 2 weeks ago by Jeff Taylor. Reason: additional code request
    • #276885

      try

      Where-Object {$_.value -eq "True"}

      • #278583

        I tested for “False” (as I know they exist) but no results were returned

    • #277272

      Never done this before, but would assume if you want ACL Permissions you most likely need to use Get-ACL:

      Use PowerShell to Explore Active Directory Security
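
An inventory of the "Enable Inheritance" state the thread asks about, as an added example that is not part of any post above: `Get-Acl` on the `AD:` drive returns a security descriptor whose `AreAccessRulesProtected` property is true when inheritance is disabled on that object. It assumes the ActiveDirectory module (RSAT) is installed and the caller can read OU permissions; `$SearchBase`, `$OutFile` and the report column names are illustrative.

```powershell
# Added example: list OUs whose ACL has inheritance disabled (protected DACL).
# This is the ACL-level setting, separate from GPO "Block Inheritance".
Import-Module ActiveDirectory   # also provides the AD: PSDrive used by Get-Acl

# Assumptions: search the whole current domain; write the report to the working directory.
$SearchBase = (Get-ADDomain).DistinguishedName
$OutFile    = '.\OU-AclInheritance.csv'

$report = Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase -SearchScope Subtree |
    ForEach-Object {
        $dn = $_.DistinguishedName
        try {
            $acl = Get-Acl -Path "AD:\$dn" -ErrorAction Stop
            [pscustomobject]@{
                OU                  = $dn
                # [bool]: $true means inheritance is disabled on this OU
                InheritanceDisabled = $acl.AreAccessRulesProtected
                Owner               = $acl.Owner
                # ACEs set directly on the OU rather than inherited from a parent
                ExplicitAceCount    = @($acl.Access | Where-Object { -not $_.IsInherited }).Count
                Error               = $null
            }
        }
        catch {
            # Record unreadable OUs instead of dropping them, so gaps in the
            # inventory are visible (for example, where read access is denied).
            [pscustomobject]@{
                OU                  = $dn
                InheritanceDisabled = $null
                Owner               = $null
                ExplicitAceCount    = $null
                Error               = $_.Exception.Message
            }
        }
    }

# Full inventory for later review
$report | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

# OUs with inheritance disabled; the property is a boolean, so filter on it directly
$report | Where-Object { $_.InheritanceDisabled -eq $true } |
    Sort-Object OU |
    Format-Table OU, Owner, ExplicitAceCount -AutoSize

# OUs that could not be read and need a manual check
$report | Where-Object { $_.Error } | Format-Table OU, Error -Wrap
```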
