Copying folder permissions to group


In the past, folder permissions at my company have been done on an individual basis. Going forward I want to use security groups, and am trying to make a script to copy the current permissions for our shares into groups I have created.

Right now I have a script that gets all the current user permissions on the folders, gets the group name, and makes sure the account is active. I believe I could add the users to the groups fairly easily, but before I go any further I want to make sure I'm not overlooking anything that might cause problems or would make this easier.

Here is my current script:

    Add-PSSnapin Quest.ActiveRoles.ADManagement
    # Export every access entry on each top-level folder of the share to CSV
    Get-ChildItem \\"domain" | Where-Object { $_.PSIsContainer } | Get-Acl | Select-Object Path -ExpandProperty Access | Select-Object IdentityReference, Path | Export-Csv C:\powershell\permissions.csv

    $users = Import-Csv C:\powershell\permissions.csv

    foreach ($line in $users) {
        # Strip the leading part of the path, leaving the folder name
        $group = $line.Path.Substring(62)

        if (Get-QADUser $line.IdentityReference -Enabled) {
            # Add user to group here
        }

        # Check for groups who have permissions on folder and add to group
    }

ksagle7 (Author) commented:
Hi Richard,

Thanks for the response.

I ended up finding a solution to my problem. In case anyone else needs it, here is the script I ended up using.

    Add-PSSnapin quest.activeroles.admanagement
    $location = "\\domain\share"
    $collect = "Folder" # assumed: the definition of $collect is not shown in the post

    $folders = Get-ChildItem $location | where {$_.psIsContainer -eq $true}

    FOREACH($folder in $folders){

        $acl = get-acl $folder.fullname
        $perms = $acl.Access # assumed: the definition of $perms is not shown in the post

        FOREACH($perm in $perms){
            $userstr = $perm.IdentityReference.ToString() # assumed: the definition of $userstr is not shown in the post
            $permissions="" |Select-Object -Property $collect
            $permissions.Folder=$folder.FullName.substring(24) #I used substring to remove the domain name, leaving the folder name only
            if ($userstr -match "_") { #All our usernames have an underscore in them, so I looked for that
                $group = $folder.Name + " Share"
                if (Get-QADUser -Identity $userstr -enabled) { #verify account is enabled
                    add-QADMemberOf -Identity $userstr -Group $group
                }
            }
        }
    }




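The script above puts every enabled user that has an entry on a folder into one "<folder> Share" group, without looking at the rights each entry grants, whether it is Allow or Deny, or whether it is inherited. The following dry-run check is an added example, not part of the original thread; the function name `Get-GroupMigrationPlan`, the `CORP` domain and the sample records are assumptions made for illustration.

```powershell
# Plan a per-folder group migration from ACE records without changing anything.
function Get-GroupMigrationPlan {
    param([Parameter(Mandatory)] [object[]] $Ace)

    $Ace | Group-Object Folder | ForEach-Object {
        # Inherited entries come from the parent and are not migrated per folder.
        $explicit = @($_.Group | Where-Object { -not $_.IsInherited })
        # The underscore test is the thread's naming convention for user accounts.
        $users  = @($explicit | Where-Object { $_.Identity -match '_' -and $_.Type -eq 'Allow' })
        $deny   = @($explicit | Where-Object { $_.Type -eq 'Deny' })
        $levels = @($users | Select-Object -ExpandProperty Rights -Unique)

        [pscustomobject]@{
            Folder       = $_.Name
            Group        = "$(($_.Name -split '\\')[-1]) Share"   # naming used in the thread
            Members      = @($users | ForEach-Object { $_.Identity })
            RightsLevels = $levels
            # More than one rights level: a single group would over- or under-grant.
            NeedsSplit   = $levels.Count -gt 1
            # Deny entries do not translate into group membership; review by hand.
            DenyEntries  = $deny.Count
        }
    }
}

# Constructed sample records (not from a real share). On a live share, build them with:
#   Get-ChildItem $location | Where-Object { $_.PSIsContainer } | ForEach-Object { $f = $_.FullName
#     (Get-Acl $f).Access | Select-Object @{n='Folder';e={$f}},
#       @{n='Identity';e={"$($_.IdentityReference)"}}, @{n='Rights';e={"$($_.FileSystemRights)"}},
#       @{n='Type';e={"$($_.AccessControlType)"}}, IsInherited }
$sample = @(
    [pscustomobject]@{ Folder='\\domain\share\Finance'; Identity='CORP\a_smith'; Rights='Modify, Synchronize'; Type='Allow'; IsInherited=$false }
    [pscustomobject]@{ Folder='\\domain\share\Finance'; Identity='CORP\b_jones'; Rights='ReadAndExecute, Synchronize'; Type='Allow'; IsInherited=$false }
    [pscustomobject]@{ Folder='\\domain\share\Finance'; Identity='BUILTIN\Administrators'; Rights='FullControl'; Type='Allow'; IsInherited=$true }
    [pscustomobject]@{ Folder='\\domain\share\HR'; Identity='CORP\c_lee'; Rights='Modify, Synchronize'; Type='Allow'; IsInherited=$false }
    [pscustomobject]@{ Folder='\\domain\share\HR'; Identity='CORP\d_kim'; Rights='Modify, Synchronize'; Type='Deny'; IsInherited=$false }
)

Get-GroupMigrationPlan -Ace $sample | Format-List
```

With the sample records, Finance is reported with `NeedsSplit = True` because its two users hold different rights, and HR is reported with one Deny entry that needs manual review before any group is granted access.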

In Windows, no events are created by the name of copy. For instance, in Windows there are no events that create logs by the name of copy. So if the logs are not created, there is very little chance of getting and viewing reports of a copy.

ksagle7 (Author) commented:
Found myself
Question has a verified solution.
