Scenario: AdminSDHolder is busted and this has caused inhertiable permissions to be broken causing GPO issues. Now who gonna check all the inhertiable permission 1 x 1 ... well with the help of powershell we have achiceved that...
## sets the "Allow inheritable permissions from parent to propagate to this
##object"check box
# Contains DN of users
$users = Get-Content C:\C:\Navdeep_DoNotDelete\variables\users.txt
ForEach($user in $users)
{
# Binding the users to DS
$ou = [ADSI]("LDAP://" + $user)
$sec = $ou.psbase.objectSecurity
if ($sec.get_AreAccessRulesProtected())
{
$isProtected = $false ## allows inheritance
$preserveInheritance = $true ## preserver inhreited rules
$sec.SetAccessRuleProtection($isProtected, $preserveInheritance)
$ou.psbase.commitchanges()
Write-Host "$user is now inherting permissions";
}
else
{
Write-Host "$User Inheritable Permission already set"
}
}
No comments:
Post a Comment