locked
Set ACL of multiple group in AD via POWERSHELL RRS feed

  • Question

  • Hi everyone

    sorry but I'm not very good with Powershell and I need to set the ACL permission for 500 security groups in AD, in particular I should give the rights of; WRITE, READ and DELETE to user TEST1 in all groups that i have exported in TXT file, I can't understand how to set the access rule .. I tried script below but I don't know if it's ok

    Set-Location AD:\
    $groups = Get-Content c:\groups.txt
    foreach ($group In $groups) {
        $ace = (Get-Acl "AD:$((Get-ADgroup $group).DistinguishedName)").Access 
        foreach ($acl in $ace) {
            $accessrule = New-Object System.Security.AccessControl.ActiveDirectoryAccessRule("domain\test1", "Allow")
            $ace.AddAccessRule($accessrule)
            Set-Acl -AclObject $ace $group.DistinguishedName -Verbose -Passthru
        }
    }



    • Edited by leostor80 Thursday, May 14, 2020 3:56 PM
    Thursday, May 14, 2020 3:28 PM

All replies

  • Set the ACL on the Active Directory Organizational Unit(s) that contain the security group(s) rather than the group(s) themselves.
    Sunday, October 4, 2020 8:19 PM