DomainManagement

1.4.85

internal/functions/acl_ace/Get-PermissionGuidMapping.ps1

                                function Get-PermissionGuidMapping

{

    <#

    .SYNOPSIS

        Retrieve a hashtable mapping permission guids to their respective name.

    .DESCRIPTION

        Retrieve a hashtable mapping permission guids to their respective name.

        This is retrieved from the target forest on first request, then cached for subsequent calls.

        The cache is specific to the targeted server and maintained as long as the process runs.

    .PARAMETER NameToGuid

        Rather than returning a hashtable mapping guid to name, return a hashtable mapping name to guid.

    .PARAMETER Server

        The server / domain to work with.

    .PARAMETER Credential

        The credentials to use for this operation.

    .EXAMPLE

        PS C:\> Get-PermissionGuidMapping -Server contoso.com

        Returns a hashtable mapping guids to rights from the contoso.com forest.

    #>

    [CmdletBinding()]

    Param (

        [switch]

        $NameToGuid,

        [PSFComputer]

        $Server = 'default',

        [PSCredential]

        $Credential

    )

    begin

    {

        # Script scope variables declared and maintained in this file only

        if (-not $script:schemaGuidToRightMapping) {

            $script:schemaGuidToRightMapping = @{ }

        }

        if (-not $script:schemaRightToGuidMapping) {

            $script:schemaRightToGuidMapping = @{ }

        }

    }

    process

    {

        [string]$identity = $Server

        if ($script:schemaGuidToRightMapping[$identity]) {

            if ($NameToGuid) { return $script:schemaRightToGuidMapping[$identity] }

            else { return $script:schemaGuidToRightMapping[$identity] }

        }

        Write-PSFMessage -Level Host -String 'Get-PermissionGuidMapping.Processing' -StringValues $identity

        $parameters = $PSBoundParameters | ConvertTo-PSFHashtable -Include Server, Credential

        $parameters['Debug'] = $false

        Get-ADObject -SearchBase "CN=Extended-Rights,$((Get-ADRootDSE).configurationNamingContext)" -LDAPFilter '(objectClass=controlAccessRight)' -Properties name, rightsGUID

        $configurationNC = (Get-ADRootDSE @parameters).configurationNamingContext

        $objects = Get-ADObject @parameters -SearchBase "CN=Extended-Rights,$configurationNC" -Properties Name,rightsGUID -LDAPFilter '(objectCategory=controlAccessRight)' # Exclude the schema object itself

        $processed = $objects | Select-PSFObject Name, 'rightsGUID to Guid as ID' | Select-PSFObject Name, 'ID to string'

        if (-not $processed) { return }

        $script:schemaGuidToRightMapping[$identity] = @{ "$([guid]::Empty)" = '<All>' }

        $script:schemaRightToGuidMapping[$identity] = @{ '<All>' = "$([guid]::Empty)" }

        foreach ($processedItem in $processed) {

            $script:schemaGuidToRightMapping[$identity][$processedItem.ID] = $processedItem.Name

            $script:schemaRightToGuidMapping[$identity][$processedItem.Name] = $processedItem.ID

        }

        if ($NameToGuid) { return $script:schemaRightToGuidMapping[$identity] }

        else { return $script:schemaGuidToRightMapping[$identity] }

    }

}