[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1451
  • Last Modified:

Powershell: Adding Special Permissions to ACL of an OU using a PS1 script

I've created a Powershell Script to create an OU and multiple sub OUs and SG Groups, I'm using ADSI to do this and it works fine.

However I'm not sure how to go about adding special permissions to the ACL of the OU for a SG, eg Allow Create / Delete Computer Objects, Allow Full Control Descendant Computer Objects for a security group called ABCD

I've tried using GetAccessRules to read the security perms (so I can use SetAccessRule)but the info GetAccessRules returns doesn't make enough sense for me to use it.

Can someone provide me with some code examples of how I should go about this.

I'm currently doing this on Windows 2008 (powershell 1.0., no QAD, but I'm prepared to 'upgrade' if need be)
1 Solution
I do not have any sample code for you but I would recommend the AD cmdlets  from Quest. http://www.quest.com/powershell/activeroles-server.aspx
As an added bonus they are free.
You can read some example uses such as reading permissions at http://dmitrysotnikov.wordpress.com/2008/05/13/read-active-directory-permissions/
There is a reference wiki at http://wiki.powergui.org/index.php/QAD_cmdlets_reference

Personally I use the Quest PowerGui tool to write my powershell code and find it quite useful.

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now