public/Get-OUACLs.ps1
function Get-OUACLs {
    <#
    .SYNOPSIS
    Lists the access rules on an Active Directory object in a readable form.

    .DESCRIPTION
    Reads the ACL at "AD:<OU>" with Get-Acl and emits one object per access rule
    with the properties Principal, Rights, AppliesTo, Item, Access, Inheritance,
    inheritanceFlags and IsInherited. The ObjectType and InheritedObjectType
    GUIDs are translated to names using the table returned by Get-ADObjectGUIDs
    (defined elsewhere; this function reads its GUID, Type, Name and appliesTo
    properties).

    .PARAMETER OU
    Path of the object to inspect; it is appended to the "AD:" drive prefix.

    .PARAMETER ShowDefaults
    Return every access rule. Without this switch only rules whose
    IdentityReference matches "<NetBIOS domain name>\*" are returned.

    .NOTES
    Audit caveat: the default filter is a name-prefix match, not a comparison
    against the schema default security descriptor. Without -ShowDefaults every
    rule whose principal is not rendered as "<NetBIOS domain>\name" is dropped,
    for example built-in or well-known principals, and presumably principals
    from other domains and identities that only display as a raw SID. Use
    -ShowDefaults when a complete view of who holds rights is needed.
    #>
    Param(
        [String]$OU,
        [Switch]$ShowDefaults
    )

    BEGIN {
        # Looked up once per invocation: the domain's NetBIOS name (used for the
        # principal filter) and the GUID-to-name table (used for translation).
        $NBDomain = (Get-ADDomain).netBiosName
        $ObjectGUIDs = Get-ADObjectGUIDs
    }

    Process {
        $rules = (Get-Acl -Path "AD:$OU").access
        if (-not $ShowDefaults) {
            # Keep only rules granted to principals named "<NetBIOS domain>\...".
            $rules = $rules | Where-Object { $_.IdentityReference -like "$NBDomain\*" }
        }

        # An all-zero InheritedObjectType GUID is accepted for any extended right
        # below, without consulting the right's appliesTo list.
        $anyObjectGuid = "00000000-0000-0000-0000-000000000000"

        $rules | ForEach-Object {
            $ace = $_

            # Name of the object class the rule is inherited by, if the table has it.
            $AppliesTo = ($ObjectGUIDs |
                Where-Object { $_.GUID -eq $ace.InheritedObjectType }).name

            # NOTE(review): -eq matches only when the rights value is exactly
            # ExtendedRight; combined values take the "Object" branch. Confirm intended.
            if ($ace.activeDirectoryRights -eq "ExtendedRight") {
                $item = ($ObjectGUIDs | Where-Object {
                        $_.GUID -eq $ace.objectType -and
                        $_.Type -eq "Right" -and
                        ($ace.InheritedObjectType -eq $anyObjectGuid -or
                        $_.appliesTo -contains $ace.inheritedObjectType)
                    }).name
            }
            else {
                $item = ($ObjectGUIDs | Where-Object {
                        $_.GUID -eq $ace.objectType -and $_.Type -eq "Object"
                    }).name
            }

            # Output columns: calculated properties first, then two pass-through ones.
            $columns = @(
                @{ Name = "Principal";   Expression = { $_.identityReference } }
                @{ Name = "Rights";      Expression = { $_.ActiveDirectoryRights } }
                @{ Name = "AppliesTo";   Expression = { $AppliesTo } }
                @{ Name = "Item";        Expression = { $item } }
                @{ Name = "Access";      Expression = { $_.accessControlType } }
                @{ Name = "Inheritance"; Expression = { $_.inheritanceType } }
                'inheritanceFlags'
                'IsInherited'
            )

            $ace | Select-Object -Property $columns
        }
    }
}