ADSec

1.0.0

functions/acl/Set-AdsAcl.ps1

function Set-AdsAcl
{
<#
    .SYNOPSIS
        Updates the ACL on an active directory object.
     
    .DESCRIPTION
        Updates the ACL on an active directory object.
        Used to manage AD delegation.
     
    .PARAMETER Path
        The path / distinguishedname to the object to manage.
     
    .PARAMETER AclObject
        The acl to apply
     
    .PARAMETER Server
        The server / domain to connect to.
         
    .PARAMETER Credential
        The credentials to use for AD operations.
     
    .PARAMETER Confirm
        If this switch is enabled, you will be prompted for confirmation before executing any operations that change state.
     
    .PARAMETER WhatIf
        If this switch is enabled, no actions are performed but informational messages will be displayed that explain what would happen if the command were to run.
     
    .PARAMETER EnableException
        This parameters disables user-friendly warnings and enables the throwing of exceptions.
        This is less user friendly, but allows catching exceptions in calling scripts.
     
    .EXAMPLE
        PS C:\> $acl | Set-AdsAcl
     
        Applies the acl object(s) stored in $acl.
        Assumes that 'Get-AdsAcl' was used to retrieve the data originally.
     
    .EXAMPLE
        PS C:\> Set-AdsAcl -AclObject $acl -Path $dn -Server fabrikam.com
     
        Updates the acl on the object stored in $dn within the fabrikam.com domain.
#>
    [CmdletBinding(SupportsShouldProcess = $true)]
    Param (
        [Alias('DistinguishedName')]
        [string]
        $Path,
        
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.DirectoryServices.ActiveDirectorySecurity]
        $AclObject,
        
        [string]
        $Server,
        
        [System.Management.Automation.PSCredential]
        $Credential,
        
        [switch]
        $EnableException
    )
    
    begin
    {
        $adParameters = $PSBoundParameters | ConvertTo-PSFHashtable -Include Server, Credential
        Assert-ADConnection @adParameters -Cmdlet $PSCmdlet
    }
    process
    {
        if (-not $Path)
        {
            if ($AclObject.DistinguishedName) { $Path = $AclObject.DistinguishedName }
            else
            {
                Stop-PSFFunction -String 'Set-AdsAcl.NoPath' -Target $AclObject -EnableException $EnableException -Category InvalidArgument
                return
            }
        }
        Invoke-PSFProtectedCommand -ActionString 'Set-AdsAcl.SettingSecurity' -Target $Path -ScriptBlock {
            Set-ADObject @adParameters -Identity $Path -Replace @{ ntSecurityDescriptor = $AclObject } -ErrorAction Stop
        } -EnableException $EnableException.ToBool() -PSCmdlet $PSCmdlet
    }
}