Solved

Script to export Active Directory permissions then reimport for another group

Posted on 2010-08-23
4
1,179 Views
Last Modified: 2012-08-13
I am looking for a method by which I can;

- Interrogate our active directory to determine all the permissions that a particular group has on OUs
- Export this to a file
- Replace the group in this file with another
- Apply the permissions

So, If Group1 has full control over a particular OU and read access over another, I can duplicate this to a new group

Any ideas?
0
Comment
Question by:aideb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 31

Accepted Solution

by:
Justin Owens earned 300 total points
ID: 33500931
Though I don't know how to do exactly what you are looking for, I do  believe it is possible, especially with PowerShell.  Quest has several  very powerful CMDLETS which work very well with AD and OU manipulation:

http://www.quest.com/powershell/activeroles-server.aspx

Here is a blog entry of some of the uses of the GET-QADObject CMDLET, which I have used for other needs and works well:

http://dmitrysotnikov.wordpress.com/2007/05/04/ou-management-with-powershell/
 
 I would recommend adding this Question to the PowerShell Zone, as I think your easiest answer is going to be found there.
 
 Justin
0
 
LVL 5

Assisted Solution

by:Blake_1
Blake_1 earned 200 total points
ID: 33501285
If you have any 2008 R2 domain controllers then your best bet is to use the Active Directory Module for Powershell (much more powerful than Quest tools).  Get-Childitem, Get-ACL and some logic will achieve what you are after.  Perhaps someone on here will script it for you.
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 33501364
Blake is correct, but I assumed (perhaps wrongly) you were an AD 2003 shop based on your tags.
0
 
LVL 2

Author Closing Comment

by:aideb
ID: 33539558
Was quicker to manually check permissions and implement. Thanks anyway
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question