Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2014-08-28) PowerShell And DACLs In AD: Removing All ACEs On Some Object

Posted by Jorge on 2014-08-28


PowerShell Code to remove all ACEs from one or multiple OUs for some security principal.

Example security principal: ADCORP\MyDelegationAdminGroup

# Clear The Screen Clear-Host # Get Script Location $scriptFolder = (Get-Location).Path # Get File With OUs To Process $fileWithListOfOUsToProcess = "List-Of-OUs-To-Process-For-Delegations.txt" # Import The Required Module Import-Module ActiveDirectory #Get The RootDSE Info $rootDSE = Get-ADRootDSE # Get List Of OUs To Process $listOfOUsToProcess = Get-Content $($scriptFolder + "\" + $fileWithListOfOUsToProcess) # Security Principal To Assign Permissions To $securityPrincipalAccount = "ADCORP\MyDelegatedAdminGroup" # Process Each OU $listOfOUsToProcess | %{ $ou = $_ $ouDrivePath = $("AD:\" + $ou) Write-Host "" Write-Host "Processing OU: $ou" -Foregroundcolor Cyan Write-Host " REMOVING ACEs..." Write-Host " Security Principal...: $securityPrincipalAccount" Write-Host "" $aclOU = Get-Acl $ouDrivePath $aclOU.Access | ?{$_.IdentityReference -eq $securityPrincipalAccount} | %{ $accessRule = $_ $aclOU.RemoveAccessRule($accessRule) } $aclOU | Set-Acl $ouDrivePath }

image

Figure 1: DACL Before Removal

If the removal action outputs "True", it means it found the ACE and it was removed. If the removal action outputs "False", it means it did not find the ACE and nothing was removed. 

image

Figure 2: Configuring The DACL Through PowerShell

image

Figure 3: DACL After Removal

Get the PowerShell code from here.

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: