GST-GRIDTECH asked:

Get ACL with “DisplayName”

Hi,

I need to get a list of users that have access to a network share. I am not very familiar with PowerShell, but came across
Get-Acl "\\serverName\folder"

My issue is that it shows "LoginName" instead of "DisplayName". Our "LoginNames" are
alpha-numeric and make it difficult to ID the user. So if there is a method of getting either
"LoginName" and "DisplayName" or "DisplayName", that would be greatly appreciated.
ASKER CERTIFIED SOLUTION
oBdA

This solution is only available to members.

GST-GRIDTECH (ASKER)

Hi oBdA,

I want to thank you very much, as I am NOT familiar at all with PowerShell and your script does provide the solution, so thank you.

I do have another question if you could. Is there a way to include the user's email address?

Although I fully expected the "DisplayName" to actually have the user's full name, it is blank, unless it is a built-in account.
This is more than likely due to how the organization populates its AD.

As for assigning access to folders/shares by group instead of by individual, of course I agree with you.
However, for this particular share/folder, this is how they have decided to do it some time ago.

Once again, thank you and I await your response.
oBdA

Try one of these then:

Mail attribute:
# Needs the ActiveDirectory module (RSAT) on the machine running the script
Import-Module ActiveDirectory
Get-Acl -Path "\\serverName\folder" | ForEach-Object {
	$path = $_.Path
	# Identities in the current user's domain are looked up in AD (mail attribute);
	# any other identity (e.g. built-in accounts) is shown as-is
	$_.Access | Select-Object -Property `
		@{n='Path'; e={$path}},
		@{n='Email'; e={If ($_.IdentityReference.Value -like "${env:UserDomain}\*") {(Get-ADUser -Identity $_.IdentityReference.Value.Split('\')[1] -Property mail).mail} Else {$_.IdentityReference.Value}}},
		*
}

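Name attribute:
# Needs the ActiveDirectory module (RSAT) on the machine running the script
Import-Module ActiveDirectory
Get-Acl -Path "\\serverName\folder" | ForEach-Object {
	$path = $_.Path
	# Identities in the current user's domain are looked up in AD (Name attribute);
	# any other identity (e.g. built-in accounts) is shown as-is
	$_.Access | Select-Object -Property `
		@{n='Path'; e={$path}},
		@{n='Name'; e={If ($_.IdentityReference.Value -like "${env:UserDomain}\*") {(Get-ADUser -Identity $_.IdentityReference.Value.Split('\')[1]).Name} Else {$_.IdentityReference.Value}}},
		*
}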

Hi oBdA,

Once again, thank you.

However, for BOTH mail and name attributes, the fields are blank.

I'm looking at AD Admin Ctr, and in the Organization section, DisplayName and E-mail are of course populated.

Do you see any errors in the PS console - specifically about the AD module import?
Are the users you want to query in the same domain as the user you're using to run the script?
What do you get when you run the following against a user that should be showing up:
Get-ADUser -Identity <Some Login Name> -Property displayName, mail

OK,

My bad, again due to my not being familiar with the tool.

I was running the script on my laptop, which had PowerShell installed, but NOT getting the results needed.

Once I ran the script on a server that had AD installed, BOTH scripts worked as expected.

So thank you very much for your expert assistance.

Hi oBdA,

If at all possible, could you direct me how to output to a file instead of to the screen?

The output can be piped directly to other cmdlets, in this case Export-Csv.
So just add " | Export-Csv -NoTypeInformation -Path C:\Temp\acl.csv" at the end of the last line (works with any of the scripts above):
# Needs the ActiveDirectory module (RSAT) on the machine running the script
Import-Module ActiveDirectory
Get-Acl -Path "\\serverName\folder" | ForEach-Object {
	$path = $_.Path
	# Identities in the current user's domain are looked up in AD (displayName attribute);
	# any other identity (e.g. built-in accounts) is shown as-is
	$_.Access | Select-Object -Property `
		@{n='Path'; e={$path}},
		@{n='DisplayName'; e={If ($_.IdentityReference.Value -like "${env:UserDomain}\*") {(Get-ADUser -Identity $_.IdentityReference.Value.Split('\')[1] -Property displayName).DisplayName} Else {$_.IdentityReference.Value}}},
		*
} | Export-Csv -NoTypeInformation -Path C:\Temp\acl.csv

And assuming you have a current version of Windows 10 on your laptop, you can add the AD RSAT tools using an administrative PS console like this:
Add-WindowsCapability -Online -Name 'Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0'

Can't thank you enough... Thank you.
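
Added example, not part of the thread and not oBdA's code: a share ACL report that returns display name and mail in one pass and stops with an error when the AD module or the directory query fails, instead of leaving the columns blank as happened on the laptop above. It goes slightly beyond the thread by resolving each entry through its SID with Get-ADObject, so group entries are covered as well as users. The function name Get-ShareAclReport is hypothetical, and the lookup assumes the accounts live in the domain the script queries; the share path and CSV path are the thread's placeholders.

```powershell
# Added example, not from the thread. Assumes the ACL entries belong to the queried domain.
# Stop here if the AD module is missing, rather than emitting blank columns.
Import-Module ActiveDirectory -ErrorAction Stop

function Get-ShareAclReport {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        # Work from the SID so nothing depends on parsing DOMAIN\name strings.
        # An identity Windows cannot map to a SID is reported with empty AD columns.
        try   { $sid = $ace.IdentityReference.Translate($sidType).Value }
        catch [System.Security.Principal.IdentityNotMappedException] { $sid = $null }

        # Get-ADObject matches users and groups; a failed AD query is a terminating error.
        $adObject = $null
        if ($sid) {
            $adObject = Get-ADObject -Filter "objectSid -eq '$sid'" `
                -Properties displayName, mail -ErrorAction Stop
        }

        [pscustomobject]@{
            Path        = $Path
            Identity    = $ace.IdentityReference.Value
            FoundInAD   = [bool]$adObject          # False for local/well-known or deleted accounts
            ObjectClass = $adObject.ObjectClass    # user, group, ...
            DisplayName = $adObject.displayName
            Mail        = $adObject.mail
            Rights      = $ace.FileSystemRights
            AccessType  = $ace.AccessControlType   # Allow or Deny
            IsInherited = $ace.IsInherited
        }
    }
}

Get-ShareAclReport -Path '\\serverName\folder' |
    Export-Csv -NoTypeInformation -Path C:\Temp\acl.csv
```

Rows with FoundInAD set to False and a raw SID in the Identity column are entries for accounts that no longer resolve, which are worth reviewing when auditing who has access to the share.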