您好 韩云佳,
>>windows server 2016 ad
如何通过powershell批量完成ad用户属性中的安全高级设置中的启用继承或禁止继承
启用继承请参照以下脚本:
$users = Get-ADUser -ldapfilter “(objectclass=user)” -SearchBase “ou=contoso,dc=contoso,dc=com”
ForEach($user in $users)
{
$ou = [ADSI](“LDAP://” + $user)
$sec = $ou.psbase.objectSecurity
if ($sec.get_AreAccessRulesProtected())
{
$isProtected = $false
$preserveInheritance = $true
$sec.SetAccessRuleProtection($isProtected, $preserveInheritance)
$ou.psbase.commitchanges()
Write-Host “$user is now enable inheritance permissions”;
}
else
{
$isProtected = $true
$preserveInheritance = $false
Write-Host “$user Nothing Changed”;
}
}
禁用继承:
$users = Get-ADUser -ldapfilter “(objectclass=user)” -SearchBase “ou=contoso,dc=contoso,dc=com”
ForEach($user in $users)
{
$ou = [ADSI](“LDAP://” + $user)
$sec = $ou.psbase.objectSecurity
if ($sec.get_AreAccessRulesProtected())
{
$isProtected = $false
$preserveInheritance = $true
Write-Host “$user Nothing Changed”;
}
else
{
$isProtected = $true
$preserveInheritance = $false
$sec.SetAccessRuleProtection($isProtected, $preserveInheritance)
$ou.psbase.commitchanges()
Write-Host “$user is now disable inheritance permissions”;
}
}
如果回复对您有帮助的话,请您把回复标记为答复,方便论坛中其他相同问题的用户快速找到答案。
此致
Candy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact
tnmff@microsoft.com.
