Active Directory and Powershell script
3 Topics

Compare txt data with folder name in SharedDirectory, if found modify permissions
Hi All, I have been struggling to write a PowerShell script for the last few days with no success, hence I am asking for help here. I have a home folder directory named "Shared_Folder_Name" and it contains multiple folders. Each folder belongs to a user and that particular user has permissions to the folder. The folder name is the same as the user name, as shown in the picture below, so the folder structure looks like this. Now, we have copied the data from the home directory folders to OneDrive for Business for the users Folder1, Folder3 and Folder5. The PowerShell script that I am trying to create should read the migrated user names from a .txt file and compare them with the folders in the home directory. If the migrated user's folder is found, modify the permissions. So far I have created the scripts below and am trying to join them together.

Script 1 - To read the data from the txt file and compare it with the folder names

$FilePath = "C:\Users\admin\Desktop\Migration_Completed_Users.txt"
$HomeFolders = Get-ChildItem D:\Shared_Folder_Name -Directory
$MigratedUsers = Get-Content -Path $FilePath
# loop over the names read from the file, not over the file path itself
foreach ($MigratedUser in $MigratedUsers) {
    # -contains checks the name against every folder name in the array
    if ($HomeFolders.Name -contains $MigratedUser) {
        Write-Host "Found Migrated Folder $MigratedUser"
    } else {
        Write-Host "Not Found Migrated Folder $MigratedUser"
    }
}

Script 2 - I got this from the internet to modify the permissions of the folders in the shared directory.

# set root share to scan
$HomeFolders = Get-ChildItem \\servername\USERS -Directory
# loop through all folders in root
foreach ($HomeFolder in $HomeFolders) {
    $Path = $HomeFolder.FullName
    # set username based on folder name. Know that this is not going to be 100% accurate
    # since some user shares may have access granted to other users (ie, managers)
    $Username = $HomeFolder.Name
    # set variable for Username
    $IdentityReference = "domain\$Username"
    # create security object specific to user
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($IdentityReference, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    # get acl of folder in loop
    $Acl = (Get-Item $Path).GetAccessControl('Access')
    # look through all access objects
    foreach ($aclitem in $Acl.Access) {
        # if a matching userID is found, check the permissions against the new access rule identity reference.
        if ($aclitem.IdentityReference -eq $Ar.IdentityReference) {
            # if rights do not match, set the permissions with access rule set before
            if ($aclitem.FileSystemRights -ne $Ar.FileSystemRights) {
                Write-Host $HomeFolder.FullName "has permission of" $aclitem.FileSystemRights
                $Acl.SetAccessRule($Ar)
                Write-Host "Correcting permissions on $($HomeFolder.FullName)"
                (Get-Item $HomeFolder.FullName).SetAccessControl($Acl)
            }
        }
    }
}

My thought is to combine Script 1 and 2 to get my final script.

781 Views, 0 likes, 1 Comment

Restore defaults ACL permissions using PowerShell
I'm doing an Active Directory Domain Services (AD DS) cleanup where I try to correct the ACL of every Computer/Group/User. I'm using the script below to correct the owner of each object. I would also like to correct the explicit permissions set on each object by resetting the permissions to default (equivalent to hitting the Restore defaults button). How can I do that?

$ADDomainDistName = (Get-ADDomain).DistinguishedName
$ADDomainName = (Get-ADDomain).Name
$ADForestName = (Get-ADDomain).Forest
$SecurityPrincipalDomainAdmins = New-Object System.Security.Principal.NTAccount("$ADForestName", "Domain Admins")

function ADUsers () {
    $ADUsers = Get-ADUser -Filter * -Properties CanonicalName -SearchBase "OU=OU,$ADDomainDistName" | Sort-Object CanonicalName
    foreach ($ADUser in $ADUsers) {
        $ACL = Get-Acl -Path ("AD:" + $ADUser.DistinguishedName)
        Write-Host $ADUser.Name -NoNewline
        if ($ACL.Owner -eq "$ADDomainName\Domain Admins") {
            Write-Host ' OK' -ForegroundColor Green
        } elseif ($ACL.Owner -match "$ADDomainName") {
            Write-Host '' $ACL.Owner -ForegroundColor Yellow
            $ACL.SetOwner($SecurityPrincipalDomainAdmins)
            Set-Acl -Path ("AD:" + $ADUser.DistinguishedName) -AclObject $ACL -Confirm
        } else {
            Write-Host '' ($ACL.Owner).Substring(2) -ForegroundColor Red
            $ACL.SetOwner($SecurityPrincipalDomainAdmins)
            Set-Acl -Path ("AD:" + $ADUser.DistinguishedName) -AclObject $ACL -Confirm
        }
    }
}

8.2K Views, 0 likes, 1 Comment
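One way to do the "Restore defaults" part of the question above, added here as an example and not a script from the poster or from the thread: each object's DACL is replaced with the defaultSecurityDescriptor of its schema class, which is what the button applies, using the same "AD:" drive approach as the poster's script. It assumes a single domain and that it runs on a member of that domain (so SDDL aliases such as DA resolve to this domain), and "OU=OU" is the placeholder search base from the question.

```powershell
# Added example, not the poster's script: reset each object's DACL to the class default from the
# schema (what the "Restore defaults" button does), via the poster's "AD:" drive approach.
# Assumptions: single domain, run on a domain member so SDDL aliases such as DA resolve to this
# domain; -SearchBase OU=OU is the placeholder from the question. Run with -WhatIf first.
[CmdletBinding(SupportsShouldProcess = $true)]
param([string]$SearchBase = "OU=OU,$((Get-ADDomain).DistinguishedName)")

Import-Module ActiveDirectory
$schemaNC    = (Get-ADRootDSE).schemaNamingContext
$defaultSddl = @{}   # cache: lDAPDisplayName -> defaultSecurityDescriptor SDDL string

function Get-DefaultSddl([string]$Class) {
    # The schema class object (e.g. CN=User) carries the default DACL for new objects of that class.
    if (-not $defaultSddl.ContainsKey($Class)) {
        $schemaObj = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$Class)" -Properties defaultSecurityDescriptor
        $defaultSddl[$Class] = $schemaObj.defaultSecurityDescriptor
    }
    return $defaultSddl[$Class]
}

function Reset-ADObjectDacl {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)]$ADObject)
    $path   = "AD:" + $ADObject.DistinguishedName
    $acl    = Get-Acl -Path $path
    $before = @($acl.Access | Where-Object { -not $_.IsInherited }).Count
    # Replace only the DACL section: the owner is left alone and, because the schema default does not
    # set the protected (P) flag, inherited ACEs are recomputed by the directory after the write.
    $sections = [System.Security.AccessControl.AccessControlSections]::Dacl
    $acl.SetSecurityDescriptorSddlForm((Get-DefaultSddl $ADObject.ObjectClass), $sections)
    $after = @($acl.Access | Where-Object { -not $_.IsInherited }).Count
    if ($PSCmdlet.ShouldProcess($ADObject.DistinguishedName, "Reset DACL ($before explicit ACEs -> $after default ACEs)")) {
        Set-Acl -Path $path -AclObject $acl
    }
}

# Objects with adminCount=1 are re-stamped from AdminSDHolder by SDProp, so resetting them is undone
# within the hour; skip them. objectClass=user also matches computers, group is added explicitly.
Get-ADObject -SearchBase $SearchBase -LDAPFilter "(|(objectClass=user)(objectClass=group))" -Properties adminCount |
    Where-Object { $_.adminCount -ne 1 } |
    ForEach-Object { Reset-ADObjectDacl -ADObject $_ }
```

Because both the script and the function declare SupportsShouldProcess, running it with -WhatIf lists every object and the before/after explicit ACE counts without writing anything, and -Confirm prompts per object like the poster's Set-Acl calls.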