functions/acl/Get-AdsAcl.ps1
function Get-AdsAcl {
<#
    .SYNOPSIS
        Retrieves the ACL of one or more AD objects.

    .DESCRIPTION
        Looks up each specified object with Get-ADObject, requesting its
        ntSecurityDescriptor, and returns that security descriptor with the
        object's DistinguishedName attached as a note property.
        The server to query and the credentials to use can be specified.

    .PARAMETER Path
        The DistinguishedName path of the object(s) to read.
        Accepts pipeline input.

    .PARAMETER Server
        The server / domain to connect to.

    .PARAMETER Credential
        The credentials to use for AD operations.

    .PARAMETER EnableException
        Disables the user-friendly warnings and throws exceptions instead.
        Less user friendly, but allows calling scripts to catch the exceptions.

    .EXAMPLE
        PS C:\> Get-ADUser -Filter * | Get-AdsAcl

        Returns the ACL of every user in the domain.
#>
    [OutputType([System.DirectoryServices.ActiveDirectorySecurity])]
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [Alias('DistinguishedName')]
        [string[]]
        $Path,

        [string]
        $Server,

        [System.Management.Automation.PSCredential]
        $Credential,

        [switch]
        $EnableException
    )

    begin {
        # Forward only the Server / Credential values the caller actually bound,
        # so every AD call below targets the same server with the same identity.
        $connectionParameters = $PSBoundParameters | ConvertTo-PSFHashtable -Include 'Server', 'Credential'

        # Project helper; presumably verifies the connection before any object is read - confirm.
        Assert-ADConnection @connectionParameters -Cmdlet $PSCmdlet
    }

    process {
        # Skip all processing once the function has been flagged as interrupted.
        if (Test-PSFFunctionInterrupt) {
            return
        }

        foreach ($objectPath in $Path) {
            try {
                # ntSecurityDescriptor is requested explicitly via -Properties.
                $directoryObject = Get-ADObject @connectionParameters -Identity $objectPath -Properties 'ntSecurityDescriptor'
            }
            catch {
                # Report the failed lookup; with -Continue the loop moves on to the
                # next path unless exceptions were enabled by the caller.
                $failure = @{
                    String          = 'Get-AdsAcl.ObjectError'
                    StringValues    = $objectPath
                    Target          = $objectPath
                    EnableException = $EnableException
                    Cmdlet          = $PSCmdlet
                    ErrorRecord     = $_
                    Continue        = $true
                }
                Stop-PSFFunction @failure
            }

            # NOTE(review): a successful lookup whose ntSecurityDescriptor is empty is not
            # handled here and reaches Add-Member as $null; whether the directory returns
            # the attribute presumably depends on the rights of the connecting account,
            # so callers should not read a missing result as "no ACL" - confirm.
            $distinguishedNameTag = @{
                MemberType = 'NoteProperty'
                Name       = 'DistinguishedName'
                Value      = $directoryObject.DistinguishedName
                PassThru   = $true
            }
            $directoryObject.ntSecurityDescriptor | Add-Member @distinguishedNameTag
        }
    }
}