export folders permissions to csv V3(detail group users Get-ADUser & LDAPFilter)

 a script to export folder permissions for all sub folders of a given folder.     needs to run with elevated permissions to work with encrypted folders.         the script will send emails when done to emails array.                         V2 adds:                      

 
 
 
 
 
(0)
70 times
Add to favorites
Active Directory
12/4/2019
E-mail Twitter del.icio.us Digg Facebook
  • Why so complex ?
    2 Posts | Last post December 06, 2019
    • Hi Tsvi, 
      I don't understand why 
      - You mixed cmd command and powershell cmclets. It's not a good practice. 
      - Why you don't use splating technic when a cmmlet use lot of parameters (i.e. send-mailMessage)
      
      Not critical, to get the Acl you used the old Get-Acl cmdlet. This cmdlet is complex to use and not very intuitive. You can use the PSModule NTFSSecurity and the cmdlet Get-NTFSAccess
      
      Let me show you a short sample. 
      $rootFolder = "c:\temp"
      # Get the tree, only folders
      $tree = Get-ChildItem -Path $RootFolder -Directory -Recurse
      # Get the ACLs for the root Folder
      $Result = Get-NTFSAccess -p $rootFolder
      # Not gather the ACLs for all subfolders and add to the $result variable
      foreach ($Dir in $tree)
          {
          Get-NTFSAccess -Path $dir.fullName 
          }
      # If you want to show only the subdirs managed (with access rights differents from the Root Folder, use the -ExcludeInherited parameter with the previous loop)
      # ...
      
      #region Send Mail Message
      $MailParams = @{
                      SmtpServer = $smtpServer 
                      from = $from 
                      To = $logmail 
                      Subject = $logmailsubject 
                      Body = $logmailbody 
                      BodyAsHTML = $true
                      Priority = "High"
                      Encoding = $textEncoding 
                      }
      Send-mailMessage @Mailparams
      #endregion SendMail Message
      Another point : you can use #region blablabla ... #endregion to separate your code. The reader can collapse one or all regions with a simple short key : CTRL-M
      
      Note that the output of Get-NTFSAccess is similar to the view of the Security Tabl (advanced mode)
      
      Regards
      Olivier
    • as perl guys like to say TIMTOWTDI (There's more than one way to do it).