Patricia Suslowicz
asked on
listing AD groups ACL's
I need to view the security settings on all the distribution groups in a certain OU to verify that authenticated users have read permission. I have tried to dump the acl's with the following in powershell.
foreach($group in Get-ADGroup -filter * -SearchBase "ou=distribution groups,ou=messaging,dc=yyy y,dc=xxx,d c=com" ){
get-acl $group
}
But I get the following error
get-acl : Cannot find path 'CN=zzzzzzzz,OU=Distributi on Groups,OU=Messaging,DC=yyy ,DC=xxx,DC =com' because it does
not exist.
At line:2 char:2
+ (get-acl -path $group).access
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-Acl], ItemNotFoundException
+ FullyQualifiedErrorId : GetAcl_PathNotFound_Except ion,Micros oft.PowerS hell.Comma nds.GetAcl Command
When I run just
Get-ADGroup -filter * -SearchBase "ou=distribution groups,ou=messaging,dc=yyy ,dc=xxx,dc =com"
I get the following
DistinguishedName : CN=zzzz,OU=Distribution Groups,OU=Messaging,DC=yyy ,DC=xxx,DC =com
What am I doing wrong?
foreach($group in Get-ADGroup -filter * -SearchBase "ou=distribution groups,ou=messaging,dc=yyy
get-acl $group
}
But I get the following error
get-acl : Cannot find path 'CN=zzzzzzzz,OU=Distributi
not exist.
At line:2 char:2
+ (get-acl -path $group).access
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-Acl], ItemNotFoundException
+ FullyQualifiedErrorId : GetAcl_PathNotFound_Except
When I run just
Get-ADGroup -filter * -SearchBase "ou=distribution groups,ou=messaging,dc=yyy
I get the following
DistinguishedName : CN=zzzz,OU=Distribution Groups,OU=Messaging,DC=yyy
What am I doing wrong?
ASKER
ITguy565 thanks for the fast response. The code that you pointed to works great pulling the permissions for all ou's but I need to dig deeper and get the permissions on all groups in a specific ou and I don't have enough experience with PowerShell to modify the script.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
https://blogs.technet.microsoft.com/ashleymcglone/2013/03/25/active-directory-ou-permissions-report-free-powershell-script-download/
Open in new window