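# Export the access-control entries (ACEs) of every object below an Active
# Directory organisational unit.
#
# Output: C:\Backup\Backup_<yyyy_mm_dd_HH_MM>.csv. For each child object the
# file holds its distinguished name on one line, a column-header line, then one
# "IdentityReference, Allow|Deny, True|False" line per ACE. The DN lines
# contain commas themselves, so the file is not a strict CSV.
#
# NOTE(review): the ACL of the OU itself is only printed to the console; it is
# not written to the file.
# NOTE(review): only the trustee, the Allow/Deny type and the inherited flag
# are recorded. ActiveDirectoryRights, ObjectType and InheritedObjectType are
# not, so the file shows who has an ACE but not what that ACE grants; add those
# columns if the export is meant to support a permission audit.
# NOTE(review): the export describes the delegation layout of the directory.
# C:\Backup is created here with whatever ACL it inherits from C:\ -- confirm
# that ordinary users cannot read it.

$Date = Get-Date -UFormat "%Y_%m_%d_%H_%M"
$BackupDir = "C:\Backup"
$OutFile = "$BackupDir\Backup_$Date.csv"

# Start from a clean file: a run within the same minute would otherwise append
# to the previous export.
if (Test-Path $OutFile) {
    Remove-Item -LiteralPath $OutFile
}
if (!(Test-Path -Path $BackupDir)) {
    New-Item -ItemType Directory -Path $BackupDir
}

$InputDN = Read-Host -Prompt "Write the DistinguishedName of the Organisation Unit"
# Stop on an empty answer instead of letting every AD call below fail on its own.
if (-not "$InputDN".Trim()) {
    throw "No DistinguishedName was entered."
}

# Without the module there is no AD: drive, so nothing below can work.
Import-Module ActiveDirectory -ErrorAction Stop

# Push/Pop instead of Set-Location so the caller's session is returned to its
# original location when the script ends or fails.
Push-Location ad:
try {
    # Console view of the OU's own ACL.
    (Get-Acl $InputDN).Access |
        Format-Table IdentityReference, AccessControlType, IsInherited -AutoSize

    $Children = Get-ChildItem $InputDN -Recurse
    foreach ($Child in $Children) {
        $Dn = $Child.DistinguishedName
        Write-Host $Dn

        # Section header: the object's DN, then the column names.
        $Lines = @($Dn, "IdentityReference,AccessControlType,IsInherited")

        # Read the ACL once and use it for both the console table and the file.
        $Acl = Get-Acl $Dn
        if ($Acl) {
            $Acl.Access |
                Format-Table IdentityReference, AccessControlType, IsInherited -AutoSize

            foreach ($Ace in $Acl.Access) {
                # AccessControlType renders as Allow/Deny and IsInherited as
                # True/False, which matches the text the file has always used.
                $Lines += "{0}, {1}, {2}" -f $Ace.IdentityReference, $Ace.AccessControlType, $Ace.IsInherited
            }
        }

        # One write per object rather than one per line.
        Add-Content -Value $Lines -Path $OutFile
    }
}
finally {
    Pop-Location
}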