Welcome › Forums › General PowerShell Q&A › List of Users with DSACL elements that Contains "Deny"
This topic contains 4 replies, has 3 voices, and was last updated by
Hello I could really use help from the users. I need to convert a pipeline command to an actual powershell script
My pipeline
Get-ADUser UserName | ForEach { DSACLS $_.DistinguishedName } | Where {$_.Contains("Deny")}
What I need is a script that will result in a CSV file with the information of EVERY user that has passes the WHERE clause.
Could really use help on this.
Captain-James
Hi,
You don't need a script to do what you want. Just add the the pipeline a Get-ADUser in case you get the samaccountname back from the where. After that use an Export-Csv.
You don't need DSACL for this. PowerShell can do it.
(get-acl (Get-ADOrganizationalUnit -filter *).distinguishedname).access | ? {$ _.accessControlType –eq "Deny"} | Export-csv C:\denied.csv -notypeinformation
Rick — This pipeline did not work at all
get-acl : Cannot find path 'OU=Microsoft Exchange Security Groups,DC=prog1s,DC=com' because it does not exist. At line:1 char:2 + (get-acl (Get-ADOrganizationalUnit -filter *).distinguishedname).access | ? {$ _ ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (:) [Get-Acl], ItemNotFoundException + FullyQualifiedErrorId : GetAcl_PathNotFound_Exception,Microsoft.PowerShell.Commands.GetAclCommand
Sorry, as I said I didn't get a chance to test it. I changed it up a bit and tested the code below and it's working for me.
Get-ADOrganizationalUnit -Filter * | % {(Get-ACL "AD:$($_.distinguishedname)").access} | ? {$ _.accessControlType –eq "Deny"} | | Export-csv C:\denied.csv -notypeinformation
The topic ‘List of Users with DSACL elements that Contains "Deny"’ is closed to new replies.
