internal/functions/acl_ace/Get-PermissionGuidMapping.ps1
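function Get-PermissionGuidMapping {
	<#
	.SYNOPSIS
		Retrieve a hashtable mapping permission guids to their respective name.

	.DESCRIPTION
		Retrieve a hashtable mapping permission guids to their respective name.
		This is retrieved from the target forest on first request, then cached for subsequent calls.
		The cache is specific to the targeted server and maintained as long as the process runs.

		Returns nothing if the directory query yields no extended rights; in that case nothing is cached.

	.PARAMETER NameToGuid
		Rather than returning a hashtable mapping guid to name, return a hashtable mapping name to guid.

	.PARAMETER Server
		The server / domain to work with.

	.PARAMETER Credential
		The credentials to use for this operation.

	.EXAMPLE
		PS C:\> Get-PermissionGuidMapping -Server contoso.com

		Returns a hashtable mapping guids to rights from the contoso.com forest.
	#>
	[CmdletBinding()]
	Param (
		[switch]
		$NameToGuid,

		[PSFComputer]
		$Server = 'default',

		[PSCredential]
		$Credential
	)

	begin {
		# Script scope variables declared and maintained in this file only
		if (-not $script:schemaGuidToRightMapping) {
			$script:schemaGuidToRightMapping = @{ }
		}
		if (-not $script:schemaRightToGuidMapping) {
			$script:schemaRightToGuidMapping = @{ }
		}
	}
	process {
		# The cache key is the server name only; the credential is not part of the key.
		[string]$identity = $Server

		# Serve from the per-server cache when it has already been populated.
		if ($script:schemaGuidToRightMapping[$identity]) {
			if ($NameToGuid) { return $script:schemaRightToGuidMapping[$identity] }
			else { return $script:schemaGuidToRightMapping[$identity] }
		}
		Write-PSFMessage -Level Host -String 'Get-PermissionGuidMapping.Processing' -StringValues $identity

		# Only forward Server / Credential when the caller actually bound them.
		$parameters = $PSBoundParameters | ConvertTo-PSFHashtable -Include Server, Credential
		$parameters['Debug'] = $false

		# Every directory read below is splatted with $parameters so it honours -Server / -Credential.
		# An earlier, un-splatted Get-ADObject call here ran against the ambient domain under the
		# caller's current identity and wrote raw AD objects into this function's output stream
		# ahead of the hashtable; it has been removed.
		$configurationNC = (Get-ADRootDSE @parameters).configurationNamingContext
		$objects = Get-ADObject @parameters -SearchBase "CN=Extended-Rights,$configurationNC" -Properties Name, rightsGUID -LDAPFilter '(objectCategory=controlAccessRight)'

		# Normalize each right to a Name plus its rightsGUID rendered as a canonical guid string.
		$processed = $objects | Select-PSFObject Name, 'rightsGUID to Guid as ID' | Select-PSFObject Name, 'ID to string'

		# Nothing found: return without caching, so a later call queries the directory again.
		if (-not $processed) { return }

		# The empty guid stands for "all rights" in both directions of the mapping.
		$script:schemaGuidToRightMapping[$identity] = @{
			"$([guid]::Empty)" = '<All>'
		}
		$script:schemaRightToGuidMapping[$identity] = @{
			'<All>' = "$([guid]::Empty)"
		}

		foreach ($processedItem in $processed) {
			$script:schemaGuidToRightMapping[$identity][$processedItem.ID] = $processedItem.Name
			$script:schemaRightToGuidMapping[$identity][$processedItem.Name] = $processedItem.ID
		}

		if ($NameToGuid) { return $script:schemaRightToGuidMapping[$identity] }
		else { return $script:schemaGuidToRightMapping[$identity] }
	}
}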