Solved

Script to export Active Directory permissions then reimport for another group

Posted on 2010-08-23
4
1,170 Views
Last Modified: 2012-08-13
I am looking for a method by which I can;

- Interrogate our active directory to determine all the permissions that a particular group has on OUs
- Export this to a file
- Replace the group in this file with another
- Apply the permissions

So, If Group1 has full control over a particular OU and read access over another, I can duplicate this to a new group

Any ideas?
0
Comment
Question by:aideb
  • 2
4 Comments
 
LVL 31

Accepted Solution

by:
DrUltima earned 300 total points
Comment Utility
Though I don't know how to do exactly what you are looking for, I do  believe it is possible, especially with PowerShell.  Quest has several  very powerful CMDLETS which work very well with AD and OU manipulation:

http://www.quest.com/powershell/activeroles-server.aspx

Here is a blog entry of some of the uses of the GET-QADObject CMDLET, which I have used for other needs and works well:

http://dmitrysotnikov.wordpress.com/2007/05/04/ou-management-with-powershell/
 
 I would recommend adding this Question to the PowerShell Zone, as I think your easiest answer is going to be found there.
 
 Justin
0
 
LVL 5

Assisted Solution

by:Blake_1
Blake_1 earned 200 total points
Comment Utility
If you have any 2008 R2 domain controllers then your best bet is to use the Active Directory Module for Powershell (much more powerful than Quest tools).  Get-Childitem, Get-ACL and some logic will achieve what you are after.  Perhaps someone on here will script it for you.
0
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
Blake is correct, but I assumed (perhaps wrongly) you were an AD 2003 shop based on your tags.
0
 
LVL 2

Author Closing Comment

by:aideb
Comment Utility
Was quicker to manually check permissions and implement. Thanks anyway
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now