Skript, mis küsib ACL-i objekte AD-st - Powershell

From ICO wiki
Jump to navigationJump to search


Skripti kasutamiseks läheb vaja PowerGUI koos AD powerpack-iga. Skript ei käi läbi alamkatalooge ja faile. 

#
# Lauri Liibert AK21 2011
# Powershell skript
#
#

# kausta valmise funktsioon, avab anka kus saab hiirega valida 
function Select-Folder($message='Vali kaust', $path = 0) {
   $bf = New-Object -comObject Shell.Application  
   $folder = $bf.BrowseForFolder(0, $message, 0, $path)  
   if ($folder -ne $null) {
     $folder.self.Path  
   }
}

$pwd = pwd # kataloog kus hetkel oleme
$result = "\tulemus.txt" # faili nimi kuhu salvestame
$file = $pwd + $result #liidame pwd ja faili kokku
$dir = Select-Folder # käivitame kausta funktsiooni

echo "***" > $file
echo "Folder premissions" >> $file
echo "***" >> $file

$acl = Get-ChildItem $dir | Get-Acl # küsime kasusta acl-i, ainult kaustad
$list = $acl | ForEach-Object {$_.Access} | ForEach-Object {$_.IdentityReference} | Sort-Object | Get-Unique # leiame unikaalsed õigused

$rs = "Microsoft.PowerShell.Core\\FileSystem\:\:" 

#Kuvame kaustad mis pärivad õiguseid.
echo "---" >> $file
echo "Is Inherited: $dir"  >> $file
echo "---" >> $file
foreach ($item in $acl) {
	$path = $item | Foreach {$_.Path -replace $rs, ""} #kustutame path eest koleda rea, selle jaoks on tegelikult korralik command olemas
	$parib = $item | ForEach-Object {$_.Access} | ForEach-Object {$_.IsInherited} | Get-Unique	
	if($parib) {$path >> $file} else {$isinherited = $true}
}

Get-Acl $dir | ForEach-Object {$_.Access} | Format-Table FileSystemRights, IdentityReference -HideTableHeaders -AutoSize >> $file

#Kuvame kaustad mis ei päri õiguseid.
if ($isinherited){
	echo "---" >> $file
	echo "Isn't Inherited" >> $file
	echo "---" >> $file
	foreach ($item in $acl) {
		$path = $item | Foreach {$_.Path -replace $rs, ""}
		$parib = $item | ForEach-Object {$_.Access} | ForEach-Object {$_.IsInherited} | Get-Unique	
		if(!$parib) {
			$path >> $file
			$item | ForEach-Object {$_.Access} | Format-Table FileSystemRights, IdentityReference -HideTableHeaders -AutoSize >> $file
		}
	}
}

echo "***" >> $file
echo "Group Users" >> $file
echo "***" >> $file

# kuvame grupi inimesed
foreach ($item in $list) {
	$groups = $item.ToString()
	$c1 = @{Expression={$_.name};Label=$groups;}
	$type = Get-QADObject $groups | ForEach-Object {$_.Type} | Get-Unique	
	if($type -eq "group"){
		Get-QADGroupMember $groups -IncludedProperties name |
		Format-Table $c1 >> $file
	}
}
Retrieved from "https://wiki.itcollege.ee/index.php?title=Skript,_mis_küsib_ACL-i_objekte_AD-st_-_Powershell&oldid=31340"