Issue with the script. Please help ASAP

Hi,
I ran the the script below and I am comparing before and after permissions, and seems that it added additional groups that were NOT in the excel file.....

Please help ASAP

Can someone tell me if it is possible or I am thinking that i am going crazy?

So, if I am not crazy then this script would not read the entire group name but only part of the group name and would add  all the groups that are beginning with this name. For example.

I only was suppose to add the group
TARGET01-NYC-DSC-MGM-SEcurityTEST

But now I see that addtional groups were added such as
TARGET01-NYC-DSC-MGM-SEcurityTEST
TARGET01-NYC-DSC-MGM-somethingelse1
TARGET01-NYC-DSC-MGM-somethingelse2

Below is the script:


Import-Csv Permissions3.csv | ForEach-Object {

  # Some defaults
  $InheritanceFlags = "containerInherit, ObjectInherit"
  $PropagationFlags = "None"

  # Override defaults if necessary
  $Inheritance = $_.InheritanceFlags
  Switch ($Inheritance) {
    "Subfolders and Files only"                      { $PropagationFlags = "InheritOnly" }
    "This Folder, One level of Subfolders and Files" { $PropagationFlags = "NoPropagateInherit" }
    "This folder and subfolders"                     { $InheritanceFlags = "ContainerInherit" }
    "Subfolders only"                                { $InheritanceFlags = "ContainerInherit"; $PropagationFlags = "InheritOnly" }
    "This folder and files"                          { $InheritanceFlags = "ObjectInherit" }
    "This folder and one level of files"             { $InheritanceFlags = "ObjectInherit"; $PropagationFlags = "InheritOnly" }
    "This folder only"                               { $InheritanceFlags = "None" }
  }

  # Build an access rule based on the line we read from the file
  $AccessRule = New-Object Security.AccessControl.FileSystemAccessRule(
    $_.Users, $_.FileSystemRights, $InheritanceFlags, $PropagationFlags, $_.AccessControlType)

  # Get the current access list
  $Acl = Get-Acl $_.UNCPath
  # Add the rule
  $Acl.AddAccessRule($AccessRule)
  # Save changes
  Set-Acl -Path $_.UNCPath -AclObject $Acl
}

Open in new window

creative555Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

F IgorDeveloperCommented:
Check the file Permissions3.csv if you have some blank or unformatted lines: your script is looping for lines generating unexpected results.
Otherwhise you should check each line for missing information.
0
creative555Author Commented:
Hey,

I dont see any unformatted lines, but I see spaces in a lot of group names as below. You see there is a space before support. How to make script to put quotes around names so that it take entire group name that is listed in the excel? Could this be a problem?

AHX-DC\Target-DSC-AMER-PC Support
AHX-DC\Target-DSC-AMER-PC Support
AHX-DC\Target-DSC-AMER-PC Support
AHX-DC\Target-DSC-AMER-PC Support
0
creative555Author Commented:
Actually I am wrong. There was no spaces in the group name but dashes...

BElow is the group that I was adding:

TARGET-DSC-USPKG-GENDUP-FIL-GROUP

And two groups below also got added. As you can see, they have dashes NOT spaces
TARGET-DSC-USPKG-FIL-OPSMAN
TARGET-DSC-USPKG-FIL-SUPS
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Assuming "Users" in Permissions.csv is indeed a group name, there is nothing in the code able to add variants of the name provided. It has to be something else causing that effect -  group membership, maybe.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
F IgorDeveloperCommented:
This is the entire content of lines our csv file or it's only a single column of that file?

The import-csv try to read each line separated by a character.
If a line contains more columns than expected your script will fail.

Some columns like Users, FileSystemRights, AccessControlType, UNCPath
must not contain the column separator character and there will be in the same order and count.
You can try to enclose into " each value that contains spaces or special characters like the separator used. It it's all ok then you need to check in another side or try to debug your file printing the parsed values on each line.


Import-Csv Permissions3.csv | ForEach-Object {

echo $_.Users
echo $_.FileSystemRights

...

}

Open in new window

0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Since the default delimiter is a comma, this cannot be the issue, fraigor. Import-CSV is only using a single, specific delimiter.
The other statement (too many columns) is also false.
0
creative555Author Commented:
Thank you so much. You are correct that this cannot be an issue. I verified again and it is all good!!
Script is good! thank you. I did add those groups :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Scripting Languages

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.