Public/Revoke-Inheritance.ps1

function Revoke-Inheritance {
    <#
    .Synopsis
      The function will Remove Specific/Non-Inherited ACL and enable inheritance on an object
 
    .DESCRIPTION
      The function will Remove Specific/Non-Inherited ACL and enable inheritance on an object.
      Control whether inheritance from the parent folder should be blocked ($True means no Inheritance)
      and if the previously inherited access rules should be preserved ($False means remove
      previously inherited permissions).
 
    .EXAMPLE
      Revoke-Inheritance -LDAPpath 'OU=Admin,DC=EguibarIT,DC=local' -RemoveInheritance -KeepPermissions
 
    .PARAMETER LDAPpath
      Distinguished Name of the object (or container)
 
    .PARAMETER RemoveInheritance
      Remove inheritance from parent. If present Inheritance will be removed.
 
    .PARAMETER KeepPermissions
      Previous inherited access rules will be kept. If present means rules will be copied
      and maintained, otherwise rules will be removed.
 
    .NOTES
      Version: 1.1
      DateModified: 27/Mar/2024
      LasModifiedBy: Vicente Rodriguez Eguibar
        vicente@eguibar.com
        Eguibar Information Technology S.L.
        http://www.eguibarit.com
  #>

    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]
    [OutputType([void])]

    Param
    (
        # PARAM1 STRING for the Object Name
        [Parameter(Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = 'Distinguished Name of the object (or container).',
            Position = 0)]
        [ValidateNotNullOrEmpty()]
        [ValidateScript({ Test-IsValidDN -ObjectDN $_ })]
        [Alias('DN', 'DistinguishedName')]
        [String]
        $LDAPpath,

        [Parameter(Mandatory = $false,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = 'Remove inheritance from parent. If present Inheritance will be removed.',
            Position = 1)]
        [switch]
        $RemoveInheritance,

        [Parameter(Mandatory = $false,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = 'Previous inherited access rules will be kept. If present means rules will
            be copied and maintained, otherwise rules will be removed.'
,
            Position = 1)]
        [switch]
        $KeepPermissions
    )

    Begin {
        $error.Clear()

        $txt = ($constants.Header -f
            (Get-Date).ToShortDateString(),
            $MyInvocation.Mycommand,
            (Get-FunctionDisplay $PsBoundParameters -Verbose:$False)
        )
        Write-Verbose -Message $txt

        ##############################
        # Module imports

        ##############################
        # Variables Definition


        If ($RemoveInheritance) {
            $isProtected = $true
        } else {
            $isProtected = $false
        }

        If ($KeepPermissions) {
            $preserveInheritance = $true
        } else {
            $preserveInheritance = $false
        }

    } #end Begin

    Process {
        Try {

            # Get the ACL
            $DirectorySecurity = Get-Acl -Path ('AD:\{0}' -f $PSBoundParameters['LDAPpath'])

            # SetAccessRuleProtection, which is a method to control whether inheritance from the parent folder should
            # be blocked ($True means no Inheritance) and if the previously inherited access rules should
            # be preserved ($False means remove previously inherited permissions).
            $DirectorySecurity.SetAccessRuleProtection($isProtected, $preserveInheritance)

            If ($PSCmdlet.ShouldProcess($PSBoundParameters['LDAPpath'], 'Remove inheritance?')) {
                Set-Acl -Path ('AD:\{0}' -f $PSBoundParameters['LDAPpath']) -AclObject $DirectorySecurity
            } #end If

        } Catch {
            Write-Error -Message 'Error when revoking inheritance'
            throw
        }
    } #end Process

    End {
        $txt = ($Constants.Footer -f $MyInvocation.InvocationName,
            'removing inheritance.'
        )
        Write-Verbose -Message $txt
    } #end End
}