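Import-Module ActiveDirectory

function Get-ADObjectTypeGUID {
    <#
    .SYNOPSIS
    Resolves an ObjectType / InheritedObjectType GUID from an AD access rule to a name.

    .DESCRIPTION
    On first use, builds a GUID -> name table from two directory queries:
    every schema object that has a schemaIDGUID, and every controlAccessRight
    object under CN=Extended-Rights in the configuration naming context.
    The table is stored in $Global:adObjectTypeGUID and reused by later calls.

    .PARAMETER GUID
    The GUID to resolve, as a string.

    .OUTPUTS
    The Name stored for the GUID, or $null when the GUID is not in the table.

    .NOTES
    NOTE(review): the cache is a global variable, so it is shared with (and
    writable by) everything else in the session and is never refreshed. Clear
    $Global:adObjectTypeGUID before auditing against a different forest.
    #>
    param(
        [Parameter(
            Mandatory = $true,
            ParameterSetName = "ObjectType",
            Position = 0,
            ValueFromPipeline = $true
        )]
        [string]$GUID
    )

    # A process block is required for ValueFromPipeline to see every piped
    # value; without it only the last one is bound.
    process {
        if ($null -eq $Global:adObjectTypeGUID) {
            $ObjectTypeGUID = @{}
            $rootDse = Get-ADRootDSE

            # Schema classes and attributes, keyed by schemaIDGUID.
            $GetADObjectParameter = @{
                SearchBase = $rootDse.SchemaNamingContext
                LDAPFilter = '(SchemaIDGUID=*)'
                Properties = @("Name", "SchemaIDGUID")
            }
            foreach ($SchemaItem in (Get-ADObject @GetADObjectParameter)) {
                $schemaKey = [GUID]$SchemaItem.SchemaIDGUID
                if (-not $ObjectTypeGUID.ContainsKey($schemaKey)) {
                    $ObjectTypeGUID.Add($schemaKey, $SchemaItem.Name)
                }
            }

            # Extended rights, validated writes and property sets, keyed by rightsGuid.
            $ADObjExtPar = @{
                SearchBase = "CN=Extended-Rights,$($rootDse.ConfigurationNamingContext)"
                LDAPFilter = '(ObjectClass=ControlAccessRight)'
                Properties = @("Name", "RightsGUID")
            }
            foreach ($SchExtItem in (Get-ADObject @ADObjExtPar)) {
                $rightKey = [GUID]$SchExtItem.RightsGUID
                # A rightsGuid can equal a schemaIDGUID that is already in the
                # table (validated-write rights reuse the GUID of the attribute
                # they guard) and Hashtable.Add throws on a duplicate key. Keep
                # the first name, as the original effectively did, but without
                # raising an error per collision. The caller must read
                # ActiveDirectoryRights to tell which of the two an ACE means.
                if (-not $ObjectTypeGUID.ContainsKey($rightKey)) {
                    $ObjectTypeGUID.Add($rightKey, $SchExtItem.Name)
                }
            }

            $Global:adObjectTypeGUID = $ObjectTypeGUID
        }

        $Global:adObjectTypeGUID[[GUID]$GUID]
    }
}

function Get-ADObjectPermission {
    <#
    .SYNOPSIS
    Lists the access rules on an AD object with human-readable names added.

    .DESCRIPTION
    Reads the ACL of the object through the AD: drive and, for each access
    rule whose IdentityReference matches -Reference, adds these note properties:
      InheritanceTypeName      text for InheritanceType
      PropagationFlags         text for PropagationFlags (replaces the value)
      ObjectTypeName           name resolved from ObjectType
      InheritedObjectTypeName  name resolved from InheritedObjectType
    The rule's other properties (ActiveDirectoryRights, AccessControlType,
    IsInherited, ...) are passed through unchanged.

    .PARAMETER Identity
    Path of the object as understood by the AD: drive; it is appended to "AD:".

    .PARAMETER Reference
    Wildcard pattern matched against IdentityReference with -like. Defaults
    to "*" (all trustees).

    .OUTPUTS
    The access rule objects, decorated as described above.
    #>
    param(
        [Parameter(
            Mandatory = $true,
            ParameterSetName = "Identity",
            Position = 0,
            ValueFromPipeline = $true
        )]
        [string]$Identity,
        [string]$Reference = "*"
    )

    # A process block is required so that every piped identity is handled,
    # not just the last one.
    process {
        (Get-Acl "AD:$($Identity)").Access |
            Where-Object IdentityReference -Like $Reference |
            ForEach-Object {
                $object = $_

                $inheritanceText = switch ($object.InheritanceType) {
                    "None"            { "This Object Only" }
                    "All"             { "This object and all descendant objects" }
                    "Descendents"     { "All descendant objects" }
                    "Children"        { "Only apply this permission to objects and/or containers within this container" }
                    # The original reused the Children text here (with a stray
                    # line break inside the string); SelfAndChildren also
                    # covers the object itself, so say so.
                    "SelfAndChildren" { "This object and its immediate child objects only" }
                }
                if ($null -ne $inheritanceText) {
                    $object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue $inheritanceText
                }

                # NOTE(review): unlike the other additions this one reuses the
                # name PropagationFlags, so the text replaces the original enum
                # value on the output object. Kept for compatibility with
                # existing callers. A combined flag value matches none of the
                # cases and is left untouched.
                switch ($object.PropagationFlags) {
                    "None"               { $object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "no inheritance" }
                    "InheritOnly"        { $object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "inheritance child items only" }
                    "NoPropagateInherit" { $object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "Only Apply this permission to objects and/or containers within this container is selected" }
                }

                # An all-zero ObjectType means the rule is not limited to one
                # attribute, right or class.
                if ($object.ObjectType -eq [Guid]::Empty) {
                    $objectTypeName = "all properties"
                }
                else {
                    $objectTypeName = Get-ADObjectTypeGUID -GUID $object.ObjectType
                }
                $object | Add-Member -Force -NotePropertyName ObjectTypeName -NotePropertyValue $objectTypeName

                # An all-zero InheritedObjectType means the rule is inherited
                # by child objects of any class.
                if ($object.InheritedObjectType -eq [Guid]::Empty) {
                    $InheritedObjectType = "all objects"
                }
                else {
                    $InheritedObjectType = Get-ADObjectTypeGUID -GUID $object.InheritedObjectType
                }
                $object | Add-Member -Force -NotePropertyName InheritedObjectTypeName -NotePropertyValue $InheritedObjectType

                Write-Output $object
            }
    }
}

# Only the permission listing is public; the GUID resolver stays internal.
Export-ModuleMember -Function Get-ADObjectPermission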