EguibarIT.DelegationPS

1.26.15

Public/Miscellaneous/Get-AclAccessRule.ps1

                                Function Get-AclAccessRule {

    <#

        .Synopsis

            Helper function to show Access Rules of given object

        .DESCRIPTION

            This function will retrive and display the Access Rules of the given object.

        .EXAMPLE

            Get-AclAccessRule "OU=Users,OU=XXXX,OU=Sites,DC=EguibarIT,DC=local"

        .EXAMPLE

            Get-AclAccessRule -LDAPPath "OU=Users,OU=XXXX,OU=Sites,DC=EguibarIT,DC=local"

        .EXAMPLE

            Get-AclAccessRule "OU=Users,OU=XXXX,OU=Sites,DC=EguibarIT,DC=local" "Pre-Windows 2000 Compatible Access"

        .EXAMPLE

            Get-AclAccessRule -LDAPPath "OU=Users,OU=XXXX,OU=Sites,DC=EguibarIT,DC=local" -SearchBy "Pre-Windows 2000 Compatible Access"

        .EXAMPLE

            $Splat = @{

                LDAPPath = "OU=Users,OU=XXXX,OU=Sites,DC=EguibarIT,DC=local"

                SearchBy = "Pre-Windows 2000 Compatible Access"

            }

            Get-AclAccessRule @Splat

        .PARAMETER LDAPpath

            [String] Distinguished Name of the object

        .PARAMETER SearchBy

            [String] The identity to filter ACE

        .NOTES

            Used Functions:

                Name                                   | Module

                ---------------------------------------|--------------------------

                Get-ACL                                | Microsoft.PowerShell.Security

                Set-Location                           | Microsoft.PowerShell.Management

                Convert-GUIDToName                     | EguibarIT.Delegation

        .NOTES

            Version:         1.1

            DateModified:    17/Oct/2022

            LasModifiedBy:   Vicente Rodriguez Eguibar

                vicente@eguibar.com

                Eguibar Information Technology S.L.

                http://www.eguibarit.com

    #>

    [CmdletBinding(ConfirmImpact = 'Low')]

    [OutputType([System.Collections.ArrayList])]

    param

    (

        # PARAM1 LDAP path to the object to get the ACL

        [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true,

            HelpMessage = 'Distinguished Name of the object',

            Position = 0)]

        [ValidateNotNullOrEmpty()]

        [ValidateScript({ Test-IsValidDN -ObjectDN $_ })]

        [Alias('DN', 'DistinguishedName')]

        [String]

        $LDAPpath,

        # PARAM1 Search by Identity Reference

        [Parameter(Mandatory = $False, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true,

            HelpMessage = 'The identity to filter ACE',

            Position = 1)]

        [Alias('IdentityReference', 'Identity', 'Trustee', 'GroupID')]

        [String]

        $SearchBy

    )

    Begin {

        $error.clear()

        Write-Verbose -Message '|=> ************************************************************************ <=|'

        Write-Verbose -Message (Get-Date).ToShortDateString()

        Write-Verbose -Message ('  Starting: {0}' -f $MyInvocation.Mycommand)

        Write-Verbose -Message ('Parameters used by the function... {0}' -f (Get-FunctionDisplay $PsBoundParameters -Verbose:$False))

        ##############################

        # Variables Definition

        Import-Module -Name ActiveDirectory -Verbose:$false

        Set-Location -Path AD:\

        $result = [System.Collections.ArrayList]::New()

    } #end Begin

    Process {

        If ($PSBoundParameters['searchBy']) {

            $AclAccess = Get-Acl -Path $PSBoundParameters['LDAPpath'] |

            Select-Object -ExpandProperty Access |

            Where-Object -FilterScript {

                $_.IdentityReference -match $PSBoundParameters['searchBy']

            }

            Write-Verbose -Message ('{0}    ACE (Access Control Entry)  Filtered By: {1}' -f $Constants.NL, $PSBoundParameters['searchBy'])

        } else {

            $AclAccess = Get-Acl -Path $PSBoundParameters['LDAPpath'] | Select-Object -ExpandProperty Access

            Write-Verbose -Message ('{0}    ACE (Access Control Entry) ' -f $Constants.NL)

        }

        Write-Verbose -Message ('    Total ACE found : {0}' -f $AclAccess.count)

        Write-Verbose -Message '------------------------------------------------------------'

        $AceCount = 1

        foreach ($entry in $AclAccess) {

            $ACLResult = [PSCustomObject]@{

                ACENumber             = $AceCount

                Id                    = $entry.IdentityReference

                LDAPpath              = $LDAPpath

                AdRight               = $entry.ActiveDirectoryRights

                AccessControlType     = $entry.AccessControlType

                ObjectType            = (Convert-GUIDToName -guid $entry.ObjectType -Verbose:$false)

                AdSecurityInheritance = $entry.InheritanceType

                InheritedObjectType   = (Convert-GUIDToName -guid $entry.InheritedObjectType -Verbose:$false)

                IsInherited           = $entry.IsInherited

            }

            [void]$result.Add($ACLResult)

            $AceCount++

        } #end Foreach

    } #end Process

    End {

        Write-Verbose -Message "Function $($MyInvocation.InvocationName) finished getting ACL."

        Write-Verbose -Message ''

        Write-Verbose -Message '-------------------------------------------------------------------------------'

        Write-Verbose -Message ''

        Set-Location -Path $env:HOMEDRIVE\

        Return $result

    } #end End

}