Powershell newbie Help

Welcome Forums General PowerShell Q&A Powershell newbie Help

This topic contains 2 replies, has 3 voices, and was last updated by

1 year, 9 months ago.

  • Author
  • #70712

    Points: 0
    Rank: Member


    I am new to writing powershell scripts and have been tasked with the following, i understand the layout of the parameters ect for flexibility, but the actual writing i just cant get my head around. if anyone could help me with the below and explain your answer that would be alot of help to me.

    i need a powershell script that will check a complete DFS Root,
    and report all targets and access based enumeration for each.
    I then need the scrip to check all NFTS permissions on all the
    targets and list the security groups assigned.
    I then need this script to search 4 domains and report on the users in these groups.

  • #70733

    Points: 1,811
    Helping HandTeam Member
    Rank: Community Hero

    Happy to try and help, although I can't bang out the whole thing for you. What have you tried? Where are you stuck?

    I will tell you that "check all NTFS permissions on all the targets and list the security groups assigned" is going to be a MASSIVE and time-consuming task. Like, you've no idea how long it's going to take to run through all that unless you've got just one or two targets. PowerShell (indeed, Windows' permissions system) wasn't designed for this. That's where there are $$$ commercial tools to do this. You're basically setting out to write your own commercial tool. It might not be your best first choice for your first PowerShell script :).

  • #70913

    Points: 3
    Rank: Member

    So you are asking us to write it for you?

    Here is some kind of a start for you. As Don said going recursively might take heaps of time. I've done some used space calculations against our DFS and it was running for a day or so.

    $folder = "c:\path"
    #put your domain prefix here
    $domain = "domain"
    $csv = "$($folder.replace('\','_').replace(':','').replace(' ','')).csv"
    $collection = New-Object System.Collections.Generic.List[System.Object]
    $PermCollection = New-Object System.Collections.Generic.List[System.Object]
    foreach($access in (Get-Acl $FOLDER).Access) {
        $filerights = $access.FileSystemRights.ToString();
        $inheritanceFlg = $access.InheritanceFlags.ToString();
        if($inheritanceFlg -eq 'ContainerInherit') {
            $filerights = $filerights.replace('ReadAndExecute','ListDirectory');
        $output = $access.IdentityReference.ToString() + ';' + $filerights;
    $col = $collection | where {$_ -like "$domain*"} 
        foreach ($c in $col) { 
            $ADOC = $c.split(";")[0].split("\")[1]
            $ADOACL = $($c.split(";")[1]) -replace ", Synchronize",""
            $ADO = get-adobject  -filter {CN -eq $ADOC}
            if ($ADO.objectClass -eq "user") {
                $obj = Get-ADUser $($ADO.name) -prop * |
                       select samaccountname,givenname,surname,enabled,lastlogondate, @{Expression={"MappedUser"};Label="PermissionGroup"}, @{Expression={$ADOACL};Label="Permission"}
            if ($ADO.objectClass -eq "group") {
                Get-ADGroupMember -Identity $($ADO.name) -Recursive | 
                                Get-ADUser -prop * |
                                        select samaccountname,givenname,surname,enabled,lastlogondate, @{Expression={$($ADO.name)};Label="PermissionGroup"}, @{Expression={$ADOACL};Label="Permission"} |
                                            foreach {
    $permCollection | export-csv $csv -notypeinformation -encoding "UTF8" -Delimiter ";"
    ""| out-file $csv -Append
    "Exact Folder ACL"| out-file $csv -Append
    $collection | out-file $csv -Append

The topic ‘Powershell newbie Help’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort