Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 642
  • Last Modified:

Need a VB or Powershell script to mark all AD subnets as "Protected Against Accidental Deletion"

Folks -

I'm looking for either a VB or Powershell script that will iterate through all the subnets defined in Active Directory Sites & Services and set their "Protect object against accidental deletion" permission.

Thanks for your help.
0
amendala
Asked:
amendala
  • 3
2 Solutions
 
yo_beeDirector of Information TechnologyCommented:
just out of curiosity how many subnets are we talking about?
I am currently looking up a PS script for you, but it might be easier to just manually set them if we are talking about a hand full.

0
 
KenMcFCommented:
What OS are you running? If you have 2008R2 or WIndows7 with the RSAT tools you can use the MS AD cmdlets and powershell. Here is an example. Even if you do not have 2008R2 DCs you can install the ADWS and run the cmdlets from a windows 7 workstation.
Foreach ($Subnet in (Get-ADObject -searchbase "cn=subnets,cn=sites,cn=configuration,DC=DEVLAB,DC=Local"  -searchscope 'onelevel' -filter *)){
Set-ADObject $Subnet -ProtectedFromAccidentalDeletion:$TRUE}

Open in new window

0
 
KenMcFCommented:
And if you do not have 2008R2 or Win7 you can use the Quest AD cmdlets and powershell.


http://www.quest.com/powershell/activeroles-server.aspx

Foreach ($Subnet in (Get-QADObject -searchroot "cn=subnets,cn=sites,cn=configuration,DC=DEVLAB,DC=Local"  -searchscope 'onelevel')){
Add-QADPermission $subnet -Deny -Account Everyone -ApplyTo ThisObjectOnly -Rights DeleteTree,Delete}

Open in new window

0
 
amendalaAuthor Commented:
KenMcF -

Thank you for your replies.  Your first reply works perfectly and is what I'm after.  Thank you for providing it to me.  I've tested it and all is well.

Can I get you to provide an additional script that will search subnets and report those that are NOT protected?  A simple report of their distinguished name would be sufficient.

I really appreciate your help.  If you don't have time for the other one, let me know and I'll close the question.
0
 
KenMcFCommented:
No problem. This should give you what you need.


Get-ADObject -searchbase "cn=subnets,cn=sites,cn=configuration,DC=DEVLAB,DC=Local"  -searchscope 'onelevel' -filter * -properties * | Where {$_.ProtectedFromAccidentalDeletion -eq $False} | Select CN

Open in new window

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now