none
批量启用AD用户属性中的安全高级设置 RRS feed

  • 问题

  • windows server 2016 ad

    如何通过powershell批量完成ad用户属性中的安全高级设置中的启用继承或禁止继承


    2017年8月30日 8:49

答案

  • 您好 韩云佳

    >>windows server 2016 ad

    如何通过powershell批量完成ad用户属性中的安全高级设置中的启用继承或禁止继承

    启用继承请参照以下脚本:

    $users = Get-ADUser -ldapfilter “(objectclass=user)” -SearchBase “ou=contoso,dc=contoso,dc=com”
    ForEach($user in $users)
    {
        
        $ou = [ADSI](“LDAP://” + $user)
        $sec = $ou.psbase.objectSecurity
    
        if ($sec.get_AreAccessRulesProtected())
        {
            $isProtected = $false
            $preserveInheritance = $true
            $sec.SetAccessRuleProtection($isProtected, $preserveInheritance)
            $ou.psbase.commitchanges()
            Write-Host “$user is now enable inheritance permissions”;
        }
        else
        {
            $isProtected = $true
            $preserveInheritance = $false
            Write-Host “$user Nothing Changed”;
        }
    }
    

    禁用继承:

    $users = Get-ADUser -ldapfilter “(objectclass=user)” -SearchBase “ou=contoso,dc=contoso,dc=com”
    ForEach($user in $users)
    {
        
        $ou = [ADSI](“LDAP://” + $user)
        $sec = $ou.psbase.objectSecurity
    
        if ($sec.get_AreAccessRulesProtected())
        {
            $isProtected = $false
            $preserveInheritance = $true
            Write-Host “$user Nothing Changed”;
        }
        else
        {
            $isProtected = $true
            $preserveInheritance = $false
            $sec.SetAccessRuleProtection($isProtected, $preserveInheritance)
            $ou.psbase.commitchanges()
            Write-Host “$user is now disable inheritance permissions”;
        }
    } 
    

    如果回复对您有帮助的话,请您把回复标记为答复,方便论坛中其他相同问题的用户快速找到答案。

    此致

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2017年8月31日 10:18
    版主

全部回复

  • 您好 韩云佳

    >>windows server 2016 ad

    如何通过powershell批量完成ad用户属性中的安全高级设置中的启用继承或禁止继承

    启用继承请参照以下脚本:

    $users = Get-ADUser -ldapfilter “(objectclass=user)” -SearchBase “ou=contoso,dc=contoso,dc=com”
    ForEach($user in $users)
    {
        
        $ou = [ADSI](“LDAP://” + $user)
        $sec = $ou.psbase.objectSecurity
    
        if ($sec.get_AreAccessRulesProtected())
        {
            $isProtected = $false
            $preserveInheritance = $true
            $sec.SetAccessRuleProtection($isProtected, $preserveInheritance)
            $ou.psbase.commitchanges()
            Write-Host “$user is now enable inheritance permissions”;
        }
        else
        {
            $isProtected = $true
            $preserveInheritance = $false
            Write-Host “$user Nothing Changed”;
        }
    }
    

    禁用继承:

    $users = Get-ADUser -ldapfilter “(objectclass=user)” -SearchBase “ou=contoso,dc=contoso,dc=com”
    ForEach($user in $users)
    {
        
        $ou = [ADSI](“LDAP://” + $user)
        $sec = $ou.psbase.objectSecurity
    
        if ($sec.get_AreAccessRulesProtected())
        {
            $isProtected = $false
            $preserveInheritance = $true
            Write-Host “$user Nothing Changed”;
        }
        else
        {
            $isProtected = $true
            $preserveInheritance = $false
            $sec.SetAccessRuleProtection($isProtected, $preserveInheritance)
            $ou.psbase.commitchanges()
            Write-Host “$user is now disable inheritance permissions”;
        }
    } 
    

    如果回复对您有帮助的话,请您把回复标记为答复,方便论坛中其他相同问题的用户快速找到答案。

    此致

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2017年8月31日 10:18
    版主
  • 您好 韩云佳

    回复对您有帮助吗?

    此致

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2017年9月6日 7:09
    版主