NTFS/Share Folder permissions duplication for other groups

  • General discussion

  • Hi there,

    I am trying to script the following and any help would be greatly appreciated.

    The environment consists of a huge set of DFS shares which presently grant permissions to groups in 'Domain A'.  I need to copy these permissions and apply them to identically named groups in 'Domain B'.  All existing permissions need to remain as-is.

    Example - Folder 1 grants Read/Write permissions to 'Domain A\Accounts Group 1'.  It needs to copy these permissions and grant them to 'Domain B\Accounts Group 1'

    The script needs to do this for all folders and shares in turn.

    I have started looking at Get-ACL and Set-ACL but can't seem to find the way of doing what I'm looking to achieve.

    Thanks in advance.
    Martin Franqueira


    • Edited by M. Franqueira Wednesday, August 1, 2018 10:55 AM
    • Changed type Bill_Stewart Monday, October 22, 2018 2:19 PM
    • Moved by Bill_Stewart Monday, October 22, 2018 2:19 PM This is not "scripts on demand"
    Wednesday, August 1, 2018 10:49 AM

All replies

  • Hi Kevin,

    Thanks for the link - I came across it earlier doing some research into this but it's slightly different to what I'm looking to do.

    I need something that will look at existing permissions for a certain group(s) from Domain A, and apply them to the same folders/files but to a different group of the same name from Domain B.  I'm not trying to retain permissions for new copied folders if that makes sense.

    Cheers,
    Martin

    Wednesday, August 1, 2018 3:10 PM
  • Please read this first:

    This forum is for scripting questions rather than script requests


    -- Bill Stewart [Bill_Stewart]

    Wednesday, August 1, 2018 3:30 PM
  • You can iterate over all your shares and test for a rule for 'Domain A\Accounts Group 1'.

    The rules are type System.Security.AccessControl.FileSystemAccessRule and you get them like this:

    $acl = get-acl 'folder1'
    $acl.access

    If your check is successful, you can add a new rule like this:

    $rule = new-object System.Security.AccessControl.FileSystemAccessRule ('Domain B\Account Group 2','FullControl','ContainerInherit, Objectinherit', "None", "Allow")
    $acl.SetAccessRule($rule)

    set-acl -path 'folder1' -aclobject $acl

    Wednesday, August 1, 2018 7:10 PM
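
The approach in the reply above, generalized as an added example (not code from any poster in this thread): it mirrors each explicit Domain A entry onto the same-named Domain B group with the same rights and inheritance flags rather than a fixed 'FullControl', and leaves existing entries in place. The function name, parameter names and domain values are hypothetical; it covers NTFS ACLs on folders only, not share-level permissions.

```powershell
# Added example. Copy-DomainGroupAce and its parameters are hypothetical names;
# pass your own NetBIOS domain names and root path.
function Copy-DomainGroupAce {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Root,          # top of the folder tree
        [Parameter(Mandatory)] [string] $SourceDomain,  # e.g. 'DOMAINA' (placeholder)
        [Parameter(Mandatory)] [string] $TargetDomain   # e.g. 'DOMAINB' (placeholder)
    )
    $folders = @(Get-Item -LiteralPath $Root) +
               @(Get-ChildItem -LiteralPath $Root -Directory -Recurse)
    foreach ($folder in $folders) {
        $acl = Get-Acl -LiteralPath $folder.FullName
        $changed = $false
        # Explicit entries only: inherited ones are mirrored on the parent
        # folder and flow down through normal inheritance.
        $sourceAces = $acl.Access | Where-Object {
            -not $_.IsInherited -and
            $_.IdentityReference.Value -like "$SourceDomain\*"
        }
        foreach ($ace in $sourceAces) {
            $groupName = $ace.IdentityReference.Value.Split('\', 2)[1]
            $target = [System.Security.Principal.NTAccount]::new($TargetDomain, $groupName)
            try {
                # Fails if the same-named group does not exist in the target domain.
                [void]$target.Translate([System.Security.Principal.SecurityIdentifier])
                # Same rights, flags and Allow/Deny type as the source entry.
                # Throws for entries that carry raw generic rights; those are skipped.
                $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
                    $target, $ace.FileSystemRights, $ace.InheritanceFlags,
                    $ace.PropagationFlags, $ace.AccessControlType)
            }
            catch {
                Write-Warning "$($folder.FullName): skipped '$target' ($($_.Exception.Message))"
                continue
            }
            # AddAccessRule merges with what is there; nothing is removed.
            $acl.AddAccessRule($rule)
            $changed = $true
        }
        if ($changed -and
            $PSCmdlet.ShouldProcess($folder.FullName, "Add ACEs for $TargetDomain groups")) {
            Set-Acl -LiteralPath $folder.FullName -AclObject $acl
        }
    }
}
```

Running it with -WhatIf first lists the folders that would change without writing any ACL, and the warnings show which groups have no counterpart in the target domain.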
  • Thank you Bill - Noted for future reference.

    Thursday, August 2, 2018 2:39 PM
  • Thanks, I will give this a go in the morning.  Appreciate it.
    Thursday, August 2, 2018 2:40 PM