chha/PowershellModules
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add ADObjectPermissio

Browse Source
This commit is contained in:
Haug, Christoph 2022-05-19 10:59:00 +02:00
parent 2381d32a5a
commit 4241416100
2 changed files with 190 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
ADX/ADX.psm1
View File

@ -1,4 +1,7 @@
<# 
Import-Module ActiveDirectory
<#
.SYNOPSIS .SYNOPSIS
Sync all DC in a Forest Sync all DC in a Forest
.DESCRIOTION .DESCRIOTION
@ -27,4 +30,95 @@ function Replicate-ADSitesAndServices {
Get-ADReplicationPartnerMetadata -Target "$env:USERDNSDOMAIN" -Scope Domain | Select-Object Server,LastReplicationSuccess Get-ADReplicationPartnerMetadata -Target "$env:USERDNSDOMAIN" -Scope Domain | Select-Object Server,LastReplicationSuccess
} }
Export-ModuleMember -Function Replicate-ADSitesAndServices
function Get-ADObjectTypeGUID{
param(
[Parameter(
Mandatory = $true,
ParameterSetName="ObjectType",
Position = 0,
ValueFromPipeline = $true
)]
[string]$GUID
)
if($Global:adObjectTypeGUID -eq $null){
$ObjectTypeGUID = @{}
$GetADObjectParameter=@{
SearchBase=(Get-ADRootDSE).SchemaNamingContext
LDAPFilter='(SchemaIDGUID=*)'
Properties=@("Name", "SchemaIDGUID")
}
$SchGUID=Get-ADObject @GetADObjectParameter
Foreach ($SchemaItem in $SchGUID){
$ObjectTypeGUID.Add([GUID]$SchemaItem.SchemaIDGUID,$SchemaItem.Name)
}
$ADObjExtPar=@{
SearchBase="CN=Extended-Rights,$((Get-ADRootDSE).ConfigurationNamingContext)"
LDAPFilter='(ObjectClass=ControlAccessRight)'
Properties=@("Name", "RightsGUID")
}
$SchExtGUID=Get-ADObject @ADObjExtPar
ForEach($SchExtItem in $SchExtGUID){
$ObjectTypeGUID.Add([GUID]$SchExtItem.RightsGUID,$SchExtItem.Name)
}
$Global:adObjectTypeGUID=$ObjectTypeGUID
}
return $Global:adObjectTypeGUID[[GUID]$($GUID)]
}
function Get-ADObjectPermission{
param(
[Parameter(
Mandatory = $true,
ParameterSetName="Identity",
Position = 0,
ValueFromPipeline = $true
)]
[string]$Identity,
[string]$Reference ="*"
)
(Get-Acl "AD:$($Identity)").access | Where-Object IdentityReference -Like $Reference | ForEach-Object{
$object=$_
switch($object.InheritanceType)
{
"None" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "This Object Only"}
"All" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "This object and all descendant objects"}
"Descendents" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "All descendant objects"}
"Children" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "Only apply this permission to objects and/or containers within this container"}
"SelfAndChildren" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "Only apply this permission to objects and/or containers within this container"}
}
switch($object.PropagationFlags )
{
"None" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "no inheritance"}
"InheritOnly" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "inheritance child items only"}
"NoPropagateInherit" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "Only Apply this permission to objects and/or containers within this container is selected"}
}
if( $object.ObjectType -eq [GUID]"00000000-0000-0000-0000-000000000000"){
$objectTypeName="all properties"
}else{
$objectTypeName= Get-ADObjectTypeGUID -GUID $object.ObjectType
}
$object | Add-Member -Force -NotePropertyName ObjectTypeName -NotePropertyValue $objectTypeName
if( $object.InheritedObjectType -eq [GUID]"00000000-0000-0000-0000-000000000000"){
$InheritedObjectType="all objects"
}else{
$InheritedObjectType= Get-ADObjectTypeGUID -GUID $object.InheritedObjectType
}
$object | Add-Member -Force -NotePropertyName InheritedObjectTypeName -NotePropertyValue $InheritedObjectType
Write-Output $object
}
}
Export-ModuleMember -Function Replicate-ADSitesAndServices,Get-ADObjectPermission

94
ADX/Get-ADObjectPermission.psm1 Normal file
View File

@ -0,0 +1,94 @@
Import-Module ActiveDirectory
function Get-ADObjectTypeGUID{
param(
[Parameter(
Mandatory = $true,
ParameterSetName="ObjectType",
Position = 0,
ValueFromPipeline = $true
)]
[string]$GUID
)
if($Global:adObjectTypeGUID -eq $null){
$ObjectTypeGUID = @{}
$GetADObjectParameter=@{
SearchBase=(Get-ADRootDSE).SchemaNamingContext
LDAPFilter='(SchemaIDGUID=*)'
Properties=@("Name", "SchemaIDGUID")
}
$SchGUID=Get-ADObject @GetADObjectParameter
Foreach ($SchemaItem in $SchGUID){
$ObjectTypeGUID.Add([GUID]$SchemaItem.SchemaIDGUID,$SchemaItem.Name)
}
$ADObjExtPar=@{
SearchBase="CN=Extended-Rights,$((Get-ADRootDSE).ConfigurationNamingContext)"
LDAPFilter='(ObjectClass=ControlAccessRight)'
Properties=@("Name", "RightsGUID")
}
$SchExtGUID=Get-ADObject @ADObjExtPar
ForEach($SchExtItem in $SchExtGUID){
$ObjectTypeGUID.Add([GUID]$SchExtItem.RightsGUID,$SchExtItem.Name)
}
$Global:adObjectTypeGUID=$ObjectTypeGUID
}
return $Global:adObjectTypeGUID[[GUID]$($GUID)]
}
function Get-ADObjectPermission{
param(
[Parameter(
Mandatory = $true,
ParameterSetName="Identity",
Position = 0,
ValueFromPipeline = $true
)]
[string]$Identity,
[string]$Reference ="*"
)
(Get-Acl "AD:$($Identity)").access | Where-Object IdentityReference -Like $Reference | ForEach-Object{
$object=$_
switch($object.InheritanceType)
{
"None" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "This Object Only"}
"All" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "This object and all descendant objects"}
"Descendents" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "All descendant objects"}
"Children" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "Only apply this permission to objects and/or containers within this container"}
"SelfAndChildren" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "Only apply this permission to objects and/or containers within this container"}
}
switch($object.PropagationFlags )
{
"None" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "no inheritance"}
"InheritOnly" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "inheritance child items only"}
"NoPropagateInherit" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "Only Apply this permission to objects and/or containers within this container is selected"}
}
if( $object.ObjectType -eq [GUID]"00000000-0000-0000-0000-000000000000"){
$objectTypeName="all properties"
}else{
$objectTypeName= Get-ADObjectTypeGUID -GUID $object.ObjectType
}
$object | Add-Member -Force -NotePropertyName ObjectTypeName -NotePropertyValue $objectTypeName
if( $object.InheritedObjectType -eq [GUID]"00000000-0000-0000-0000-000000000000"){
$InheritedObjectType="all objects"
}else{
$InheritedObjectType= Get-ADObjectTypeGUID -GUID $object.InheritedObjectType
}
$object | Add-Member -Force -NotePropertyName InheritedObjectTypeName -NotePropertyValue $InheritedObjectType
Write-Output $object
}
}
Export-ModuleMember -Function Get-ADObjectPermission