[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Need a VB or Powershell script to mark all AD subnets as "Protected Against Accidental Deletion"

Posted on 2011-09-25
5
Medium Priority
?
637 Views
Last Modified: 2012-05-12
Folks -

I'm looking for either a VB or Powershell script that will iterate through all the subnets defined in Active Directory Sites & Services and set their "Protect object against accidental deletion" permission.

Thanks for your help.
0
Comment
Question by:amendala
  • 3
5 Comments
 
LVL 25

Expert Comment

by:yo_bee
ID: 36596413
just out of curiosity how many subnets are we talking about?
I am currently looking up a PS script for you, but it might be easier to just manually set them if we are talking about a hand full.

0
 
LVL 27

Accepted Solution

by:
KenMcF earned 2000 total points
ID: 36596483
What OS are you running? If you have 2008R2 or WIndows7 with the RSAT tools you can use the MS AD cmdlets and powershell. Here is an example. Even if you do not have 2008R2 DCs you can install the ADWS and run the cmdlets from a windows 7 workstation.
Foreach ($Subnet in (Get-ADObject -searchbase "cn=subnets,cn=sites,cn=configuration,DC=DEVLAB,DC=Local"  -searchscope 'onelevel' -filter *)){
Set-ADObject $Subnet -ProtectedFromAccidentalDeletion:$TRUE}

Open in new window

0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36596512
And if you do not have 2008R2 or Win7 you can use the Quest AD cmdlets and powershell.


http://www.quest.com/powershell/activeroles-server.aspx

Foreach ($Subnet in (Get-QADObject -searchroot "cn=subnets,cn=sites,cn=configuration,DC=DEVLAB,DC=Local"  -searchscope 'onelevel')){
Add-QADPermission $subnet -Deny -Account Everyone -ApplyTo ThisObjectOnly -Rights DeleteTree,Delete}

Open in new window

0
 

Author Comment

by:amendala
ID: 36600593
KenMcF -

Thank you for your replies.  Your first reply works perfectly and is what I'm after.  Thank you for providing it to me.  I've tested it and all is well.

Can I get you to provide an additional script that will search subnets and report those that are NOT protected?  A simple report of their distinguished name would be sufficient.

I really appreciate your help.  If you don't have time for the other one, let me know and I'll close the question.
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 2000 total points
ID: 36600755
No problem. This should give you what you need.


Get-ADObject -searchbase "cn=subnets,cn=sites,cn=configuration,DC=DEVLAB,DC=Local"  -searchscope 'onelevel' -filter * -properties * | Where {$_.ProtectedFromAccidentalDeletion -eq $False} | Select CN

Open in new window

0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question