diff --git a/ADX/ADX.psm1 b/ADX/ADX.psm1
index c666ff6..f589c76 100644
--- a/ADX/ADX.psm1
+++ b/ADX/ADX.psm1
@@ -1,4 +1,7 @@
-<#
+
+Import-Module ActiveDirectory
+
+<#
 .SYNOPSIS
 Sync all DC in a Forest
 .DESCRIOTION
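Review bot: The added `Import-Module ActiveDirectory` at the top of ADX.psm1 only raises a non-terminating error when the module is absent, so ADX still imports and the dependency surfaces later as a confusing "Get-ADRootDSE is not recognized" or a missing `AD:` drive. A `#Requires -Modules ActiveDirectory` line at the head of the file (or `RequiredModules` in the module manifest, if the project has one; none is visible in this diff) fails fast at import time with a clear message. If the explicit import is kept, `Import-Module ActiveDirectory -ErrorAction Stop` gives the same guarantee.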
@@ -27,4 +30,95 @@ function Replicate-ADSitesAndServices {
 Get-ADReplicationPartnerMetadata -Target "$env:USERDNSDOMAIN" -Scope Domain | Select-Object Server,LastReplicationSuccess
 }
-Export-ModuleMember -Function Replicate-ADSitesAndServices
\ No newline at end of file
+
+function Get-ADObjectTypeGUID{
+
+ param(
+ [Parameter(
+ Mandatory = $true,
+ ParameterSetName="ObjectType",
+ Position = 0,
+ ValueFromPipeline = $true
+ )]
+ [string]$GUID
+ )
+
+ if($Global:adObjectTypeGUID -eq $null){
+ $ObjectTypeGUID = @{}
+
+ $GetADObjectParameter=@{
+ SearchBase=(Get-ADRootDSE).SchemaNamingContext
+ LDAPFilter='(SchemaIDGUID=*)'
+ Properties=@("Name", "SchemaIDGUID")
+ }
+
+ $SchGUID=Get-ADObject @GetADObjectParameter
+ Foreach ($SchemaItem in $SchGUID){
+ $ObjectTypeGUID.Add([GUID]$SchemaItem.SchemaIDGUID,$SchemaItem.Name)
+ }
+
+ $ADObjExtPar=@{
+ SearchBase="CN=Extended-Rights,$((Get-ADRootDSE).ConfigurationNamingContext)"
+ LDAPFilter='(ObjectClass=ControlAccessRight)'
+ Properties=@("Name", "RightsGUID")
+ }
+
+ $SchExtGUID=Get-ADObject @ADObjExtPar
+ ForEach($SchExtItem in $SchExtGUID){
+ $ObjectTypeGUID.Add([GUID]$SchExtItem.RightsGUID,$SchExtItem.Name)
+ }
+ $Global:adObjectTypeGUID=$ObjectTypeGUID
+ }
+ return $Global:adObjectTypeGUID[[GUID]$($GUID)]
+
+}
+
+function Get-ADObjectPermission{
+ param(
+ [Parameter(
+ Mandatory = $true,
+ ParameterSetName="Identity",
+ Position = 0,
+ ValueFromPipeline = $true
+ )]
+ [string]$Identity,
+ [string]$Reference ="*"
+ )
+ (Get-Acl "AD:$($Identity)").access | Where-Object IdentityReference -Like $Reference | ForEach-Object{
+ $object=$_
+
+ switch($object.InheritanceType)
+ {
+ "None" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "This Object Only"}
+ "All" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "This object and all descendant objects"}
+ "Descendents" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "All descendant objects"}
+ "Children" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "Only apply this permission to objects and/or containers within this container"}
+ "SelfAndChildren" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "Only apply this permission to objects and/or containers within this container"}
+ }
+
+ switch($object.PropagationFlags )
+ {
+ "None" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "no inheritance"}
+ "InheritOnly" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "inheritance child items only"}
+ "NoPropagateInherit" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "Only Apply this permission to objects and/or containers within this container is selected"}
+ }
+
+ if( $object.ObjectType -eq [GUID]"00000000-0000-0000-0000-000000000000"){
+ $objectTypeName="all properties"
+ }else{
+ $objectTypeName= Get-ADObjectTypeGUID -GUID $object.ObjectType
+ }
+ $object | Add-Member -Force -NotePropertyName ObjectTypeName -NotePropertyValue $objectTypeName
+
+ if( $object.InheritedObjectType -eq [GUID]"00000000-0000-0000-0000-000000000000"){
+ $InheritedObjectType="all objects"
+ }else{
+ $InheritedObjectType= Get-ADObjectTypeGUID -GUID $object.InheritedObjectType
+ }
+ $object | Add-Member -Force -NotePropertyName InheritedObjectTypeName -NotePropertyValue $InheritedObjectType
+
+ Write-Output $object
+ }
+}
+
+Export-ModuleMember -Function Replicate-ADSitesAndServices,Get-ADObjectPermission
\ No newline at end of file
diff --git a/ADX/Get-ADObjectPermission.psm1 b/ADX/Get-ADObjectPermission.psm1
new file mode 100644
index 0000000..207fc66
--- /dev/null
+++ b/ADX/Get-ADObjectPermission.psm1
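Review bot: The `switch($object.PropagationFlags )` in Get-ADObjectPermission only matches a single value, but System.Security.AccessControl.PropagationFlags is a [Flags] enum and a rule with `Children` inheritance carries `InheritOnly` and `NoPropagateInherit` together, so none of the three cases fire and that ACE is emitted with no propagation description at all. The switch also writes its text into a NoteProperty called `PropagationFlags`, the name of the rule's real property, whereas the InheritanceType switch above it uses a separate `InheritanceTypeName`; whether `Add-Member -Force` can shadow a .NET property here is worth confirming, but either the enum is lost or the call errors. Test each bit with `-band` and keep the description under its own name, as below; the rest of the ForEach-Object body is unchanged.
```powershell
# … unchanged: param block, Get-Acl pipeline, InheritanceType switch …
$propagation = [System.Security.AccessControl.PropagationFlags]$object.PropagationFlags
$propagationText = @(
    if ($propagation -eq [System.Security.AccessControl.PropagationFlags]::None) { "no inheritance" }
    if ($propagation -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { "inheritance child items only" }
    if ($propagation -band [System.Security.AccessControl.PropagationFlags]::NoPropagateInherit) { "Only Apply this permission to objects and/or containers within this container is selected" }
) -join "; "
# Separate name: PropagationFlags is a real property of the access rule and stays an enum.
$object | Add-Member -Force -NotePropertyName PropagationFlagsName -NotePropertyValue $propagationText
# … unchanged: ObjectType / InheritedObjectType resolution, Write-Output …
```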
@@ -0,0 +1,94 @@
+Import-Module ActiveDirectory
+
+function Get-ADObjectTypeGUID{
+
+ param(
+ [Parameter(
+ Mandatory = $true,
+ ParameterSetName="ObjectType",
+ Position = 0,
+ ValueFromPipeline = $true
+ )]
+ [string]$GUID
+ )
+
+ if($Global:adObjectTypeGUID -eq $null){
+ $ObjectTypeGUID = @{}
+
+ $GetADObjectParameter=@{
+ SearchBase=(Get-ADRootDSE).SchemaNamingContext
+ LDAPFilter='(SchemaIDGUID=*)'
+ Properties=@("Name", "SchemaIDGUID")
+ }
+
+ $SchGUID=Get-ADObject @GetADObjectParameter
+ Foreach ($SchemaItem in $SchGUID){
+ $ObjectTypeGUID.Add([GUID]$SchemaItem.SchemaIDGUID,$SchemaItem.Name)
+ }
+
+ $ADObjExtPar=@{
+ SearchBase="CN=Extended-Rights,$((Get-ADRootDSE).ConfigurationNamingContext)"
+ LDAPFilter='(ObjectClass=ControlAccessRight)'
+ Properties=@("Name", "RightsGUID")
+ }
+
+ $SchExtGUID=Get-ADObject @ADObjExtPar
+ ForEach($SchExtItem in $SchExtGUID){
+ $ObjectTypeGUID.Add([GUID]$SchExtItem.RightsGUID,$SchExtItem.Name)
+ }
+ $Global:adObjectTypeGUID=$ObjectTypeGUID
+ }
+ return $Global:adObjectTypeGUID[[GUID]$($GUID)]
+
+}
+
+function Get-ADObjectPermission{
+ param(
+ [Parameter(
+ Mandatory = $true,
+ ParameterSetName="Identity",
+ Position = 0,
+ ValueFromPipeline = $true
+ )]
+ [string]$Identity,
+ [string]$Reference ="*"
+ )
+ (Get-Acl "AD:$($Identity)").access | Where-Object IdentityReference -Like $Reference | ForEach-Object{
+ $object=$_
+
+ switch($object.InheritanceType)
+ {
+ "None" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "This Object Only"}
+ "All" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "This object and all descendant objects"}
+ "Descendents" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "All descendant objects"}
+ "Children" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "Only apply this permission to objects and/or containers within this container"}
+ "SelfAndChildren" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "Only apply this permission to objects and/or containers within this container"}
+ }
+
+ switch($object.PropagationFlags )
+ {
+ "None" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "no inheritance"}
+ "InheritOnly" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "inheritance child items only"}
+ "NoPropagateInherit" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "Only Apply this permission to objects and/or containers within this container is selected"}
+ }
+
+ if( $object.ObjectType -eq [GUID]"00000000-0000-0000-0000-000000000000"){
+ $objectTypeName="all properties"
+ }else{
+ $objectTypeName= Get-ADObjectTypeGUID -GUID $object.ObjectType
+ }
+ $object | Add-Member -Force -NotePropertyName ObjectTypeName -NotePropertyValue $objectTypeName
+
+ if( $object.InheritedObjectType -eq [GUID]"00000000-0000-0000-0000-000000000000"){
+ $InheritedObjectType="all objects"
+ }else{
+ $InheritedObjectType= Get-ADObjectTypeGUID -GUID $object.InheritedObjectType
+ }
+ $object | Add-Member -Force -NotePropertyName InheritedObjectTypeName -NotePropertyValue $InheritedObjectType
+
+ Write-Output $object
+ }
+}
+
+
+Export-ModuleMember -Function Get-ADObjectPermission
\ No newline at end of file
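Review bot: `Get-ADObjectTypeGUID` in this new file caches the schema and extended-rights map in `$Global:adObjectTypeGUID`, which leaks into the caller's session and is never refreshed, so if the same session is later pointed at a different forest the ACEs are labelled from the stale map, which for an ACL audit means wrong right names. Keep the table module-private with `$script:adObjectTypeGUID` and make an unresolved GUID fall back to the GUID string instead of `$null`, otherwise ObjectTypeName/InheritedObjectTypeName come out blank and an unrecognised right is easy to overlook: `$name = $script:adObjectTypeGUID[[GUID]$GUID]` / `if ($null -eq $name) { return $GUID }` / `return $name`. The two `.Add()` calls throw on a repeated GUID and abort the whole lookup; indexer assignment such as `$ObjectTypeGUID[[GUID]$SchExtItem.RightsGUID] = $SchExtItem.Name` tolerates a duplicate. This file also duplicates the two functions the same commit adds to ADX.psm1; a single copy (dot-sourced from ADX.psm1 or listed as a nested module) would stop the two from drifting apart.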