ullmanneric

Script to query NTFS permissions on a certain share and query AD

I am trying to create a script that will query a list of shares in a txt file and output the groups that have NTFS permissions on the share and then query AD for the group and list the members of the group along with names in a CSV file. However, if a user is inheriting access at the child level then that user should only be listed once.
So... are you looking for something like below... then attempting to get the group membership from AccessToString?
$shares = get-content c:\temp\source.txt

@(foreach ($share in $shares){
$share | get-acl | select-object @{n='ShareName';e={$share}},AccessToString
}) | Export-csv -noTypeInformation c:\temp\FolderPerms.csv

ullmanneric

ASKER

Ok, so that will get me the content, but then I will need it to query AD to see what users are members of the groups that come back for the share and create a CSV.
Just to confirm.. you are looking for NTFS permissions... not SHARE permissions?
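# Get-QADGroup and Get-QADGroupMember come from the Quest ActiveRoles snap-in
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

$shares = Get-Content c:\temp\source.txt
$Members = @()                       # start as an array so += appends
foreach ($share in $shares) {
    $PossibleGroups = @()            # reset per share so earlier groups are not queried again
    $ACL = $share | Get-Acl
    $Access = $ACL.Access
    foreach ($Group in $Access) {
        # Identities that are not AD groups return nothing and are not added
        $PossibleGroups += Get-QADGroup -Identity $($Group.IdentityReference.Value.ToString())
    }
    foreach ($Group in $PossibleGroups) {
        $Members += Get-QADGroupMember -Identity $Group
    }
}
# Pipe the de-duplicated list into the export so each member is written once
$Members | Sort-Object -Unique | Export-Csv -NoTypeInformation C:\temp\FolderPerms.csv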

Tested it.  Should be good to go.

Basically we are getting all the groups and asking for them on AD.  If it returns something, then it won't be null.  If it's not null, then query the group members with Get-QADGroupMember.
HTH,

Dale Harris
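
An added example (not code from any poster in this thread) of the "list each user once" requirement in the question: it collapses ACEs that repeat on child folders through inheritance into one row per user, keeps the groups and paths that grant the access, and ignores Deny entries. The ACEs, the membership table, the `CONTOSO` and `fs01` names and the function name `Get-UniqueShareMember` are all constructed for illustration; in real use the ACEs would come from `(Get-Acl $share).Access` and the members from `Get-QADGroupMember`.

```powershell
# Constructed sample data. Real ACEs: (Get-Acl $share).Access with the path added
# as a Share property. Real membership: Get-QADGroupMember per group.
$aces = @(
    [pscustomobject]@{ Share = '\\fs01\finance';      IdentityReference = 'CONTOSO\Finance-RW';  AccessControlType = 'Allow'; IsInherited = $false }
    [pscustomobject]@{ Share = '\\fs01\finance\2024'; IdentityReference = 'CONTOSO\Finance-RW';  AccessControlType = 'Allow'; IsInherited = $true }
    [pscustomobject]@{ Share = '\\fs01\finance\2024'; IdentityReference = 'CONTOSO\Auditors';    AccessControlType = 'Allow'; IsInherited = $false }
    [pscustomobject]@{ Share = '\\fs01\finance';      IdentityReference = 'CONTOSO\Contractors'; AccessControlType = 'Deny';  IsInherited = $false }
)
$groupMembers = @{
    'CONTOSO\Finance-RW'  = @('alice', 'bob')
    'CONTOSO\Auditors'    = @('bob', 'carol')
    'CONTOSO\Contractors' = @('dave')
}

function Get-UniqueShareMember {
    param([object[]]$Ace, [hashtable]$Members)
    $byUser = @{}
    foreach ($a in $Ace) {
        # A Deny ACE does not grant access, so it must not put a user on the list
        if ($a.AccessControlType -ne 'Allow') { continue }
        $group = [string]$a.IdentityReference
        # Identities with no membership entry (built-in or local principals) are skipped
        if (-not $Members.ContainsKey($group)) { continue }
        foreach ($user in $Members[$group]) {
            if (-not $byUser.ContainsKey($user)) {
                $byUser[$user] = @{ Groups = @(); Shares = @() }
            }
            # The inherited copy of an ACE adds a path, never a second row
            $byUser[$user].Groups += $group
            $byUser[$user].Shares += $a.Share
        }
    }
    foreach ($user in ($byUser.Keys | Sort-Object)) {
        [pscustomobject]@{
            User   = $user
            Groups = ($byUser[$user].Groups | Sort-Object -Unique) -join '; '
            Shares = ($byUser[$user].Shares | Sort-Object -Unique) -join '; '
        }
    }
}

$csv = Join-Path ([System.IO.Path]::GetTempPath()) 'FolderPerms.csv'
Get-UniqueShareMember -Ace $aces -Members $groupMembers |
    Export-Csv -NoTypeInformation -Path $csv
```

With the sample data the CSV holds three rows (alice, bob, carol); bob appears once with both groups listed, and dave is absent because his only entry is a Deny.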