Return list of user and extended rights to an attribute on an AD object

      Hello,

      I am attempting to list all of the users who have WRITE privileges to the msds-oidToGroupLink property on all OID objects located in AD at “CN=<OID_Value>,CN=OID,CN=Public Key Services,CN=Services,CN=Configuration,DC=domain,DC=com”

      I have numerous OIDs for which I need to bring this information back in a form that allows me to review the privileges and ultimately remove some user rights for that property.

       

      My initial attempt to test just one object was:

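      Import-Module ActiveDirectory   # provides Get-ADRootDSE, Get-ADObject and the AD: drive
      $root = Get-ADRootDSE
      $configNCDN = [String]$root.configurationNamingContext
      # List every enterprise OID object in the configuration partition
      Get-ADObject -Filter {(objectclass -eq "msPKI-Enterprise-Oid")} -SearchBase $configNCDN -Properties * | Select-Object *

      # Show the ACL of a single OID object (Get-Acl needs the AD: drive to resolve a distinguished name)
      (Get-Acl 'AD:\<Oid_Value>,CN=OID,CN=Public Key Services,CN=Services,CN=Configuration,DC=domain,DC=com').Access | Format-Table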

      I will use a foreach loop to iterate through each returned OID value and output it to CSV for analysis. However, what is returned does not show who has write privileges on the msds-oidToGroupLink property.

      I may be attacking this from the wrong point, but I am hoping someone can help with what I am missing to get the information I need.

      Any advice would be appreciated.

      Thank you,

      Brian
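
One way to produce the review list asked for above, as an added example that is not part of the original post: it matches each ACE's ObjectType against the schema GUID of msDS-OIDToGroupLink and reports principals that can write the attribute directly or can rewrite the ACL or owner. It assumes the RSAT ActiveDirectory module and read access to the configuration and schema partitions; the CSV file name is hypothetical.

```powershell
# Added example (not the poster's code): audit write access to msDS-OIDToGroupLink on every OID object.
Import-Module ActiveDirectory

$root     = Get-ADRootDSE
$configNC = [string]$root.configurationNamingContext
$schemaNC = [string]$root.schemaNamingContext

# A property-scoped ACE carries the attribute's schemaIDGUID (or its property-set GUID,
# if the attribute belongs to one) in ObjectType; an empty GUID means "all properties".
$attr = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(lDAPDisplayName=msDS-OIDToGroupLink)' -Properties schemaIDGUID, attributeSecurityGUID
if (-not $attr) { throw 'msDS-OIDToGroupLink was not found in the schema partition.' }
$targetGuids = @([guid]::Empty, [guid]$attr.schemaIDGUID)
if ($attr.attributeSecurityGUID) { $targetGuids += [guid]$attr.attributeSecurityGUID }

$adr         = [System.DirectoryServices.ActiveDirectoryRights]
$writeProp   = [int]$adr::WriteProperty      # bit is also set in GenericWrite and GenericAll
$indirect    = [int]($adr::WriteDacl -bor $adr::WriteOwner)   # can grant the write later
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

$oidBase = "CN=OID,CN=Public Key Services,CN=Services,$configNC"
$report = foreach ($oid in Get-ADObject -SearchBase $oidBase -LDAPFilter '(objectClass=msPKI-Enterprise-Oid)') {
    foreach ($ace in (Get-Acl -Path "AD:\$($oid.DistinguishedName)").Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }               # Deny ACEs are not listed
        if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }  # does not apply to this object
        $rights = [int]$ace.ActiveDirectoryRights
        $direct = (($rights -band $writeProp) -ne 0) -and ($targetGuids -contains $ace.ObjectType)
        $viaAcl = ($rights -band $indirect) -ne 0
        if (-not ($direct -or $viaAcl)) { continue }
        [pscustomobject]@{
            OidObject   = $oid.DistinguishedName
            Identity    = $ace.IdentityReference.Value
            Rights      = $ace.ActiveDirectoryRights
            DirectWrite = $direct
            ViaAclOwner = $viaAcl
            Inherited   = $ace.IsInherited
        }
    }
}

# Hypothetical output path; review this file before removing any ACE.
$report | Export-Csv -Path .\oid-write-acl.csv -NoTypeInformation
```

Rows with Inherited set to True come from a parent container, so those rights have to be changed on the parent rather than on the OID object itself.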

       

       
