Link to home
Create AccountLog in
Avatar of Jharrisonsnbs
Jharrisonsnbs

asked on

Active Directory Security Group Scripting

Hello, I have a client moving from a Novell environment to a Windows infrastructure. They have a large directory structure and need to assign new security group permissions to the folders. I was wondering if there is a way to automate this with a script or tool. If they had to change the permissions manually, it would take a very long time.

I found the Quest migration tool, but that is a little pricey for them.
http://www.quest.com/nds-migrator/

Their current structure is:

Top Level Proj
Project Folder Level
CADD level
    With multiple subfolders

Essentially then need to assign different security groups to each folder. The unfortunate thing is they're not inheriting the permissions down through the tree.

I've read a little about using PowerShell to script it, but I'm not too familiar with PS, so any help would be greatly appreciated.
ASKER CERTIFIED SOLUTION
Avatar of titan123
titan123

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of MAndren
MAndren

Here's something I copy and pasted together from some old scripts I've written. There might be a swedish comment here or there, but it should be enough to get you started. You'll probably want to adjust the propagation-flags and maybe some of the other behaviour of the set ACL-part, and adjust the variables for domain controllers, OU and naming-convention for the groups.

I advise that you include all the domain controllers in the site were the server you're copying to is located. Otherwise you might end up having the script fail because the groups you just created on dc1 haven't replicated to dc2 yet, and of course that's the one that the script decides to query when it's trying to set the ACL. :)