- Details
- Written by: po3dno
- Category: Power Shell
- Hits: 1157
Экспортировать действующие ACL объектов в AD:
$schemaIDGUID = @{}
$ErrorActionPreference = 'SilentlyContinue'
Get-ADObject -SearchBase (Get-ADRootDSE).schemaNamingContext -LDAPFilter '(schemaIDGUID=*)' -Properties name, schemaIDGUID |
ForEach-Object {$schemaIDGUID.add([System.GUID]$_.schemaIDGUID,$_.name)}
Get-ADObject -SearchBase "CN=Extended-Rights,$((Get-ADRootDSE).configurationNamingContext)" -LDAPFilter '(objectClass=controlAccessRight)' -Properties name, rightsGUID |
ForEach-Object {$schemaIDGUID.add([System.GUID]$_.rightsGUID,$_.name)}
$ErrorActionPreference = 'Continue'
$OUs = Get-ADOrganizationalUnit -Filter * | Select-Object -ExpandProperty DistinguishedName
$OUs += Get-ADObject -SearchBase (Get-ADDomain).DistinguishedName -SearchScope OneLevel -LDAPFilter '(objectClass=container)' | Select-Object -ExpandProperty DistinguishedName
#$OU = "OU=Tcs-users,DC=tcsbank,DC=ru"
ForEach ($OU in $OUs) {
$report += Get-Acl -Path "AD:\$OU" |
Select-Object -ExpandProperty Access |
Select-Object @{name='organizationalUnit';expression={$OU}}, `
@{name='objectTypeName';expression={if ($_.objectType.ToString() -eq '00000000-0000-0000-0000-000000000000') {'All'} Else {$schemaIDGUID.Item($_.objectType)}}}, `
@{name='inheritedObjectTypeName';expression={$schemaIDGUID.Item($_.inheritedObjectType)}}, `
*
}
# Dump the raw report out to a CSV file for analysis in Excel.
$report | Export-Csv ".\OU_Permissions.csv" -NoTypeInformation -delimiter "`t" -encoding default
Start-Process ".\OU_Permissions.csv"
- Details
- Written by: po3dno
- Category: Power Shell
- Hits: 1148
Get-ADGroup GROUPNAME | %{$gr = $_; Get-ADGroupMember -Identity $gr | %{$u = get-aduser $_; if (($u.enabled -eq $false) -and ($u.DistinguishedName -like "*lock*")){write-host $u.name $u.DistinguishedName; Remove-ADGroupMember -identity $gr $u -Confirm:$false}}}
- Details
- Written by: po3dno
- Category: Power Shell
- Hits: 1096
param(
[System.IO.FileInfo]$file = $null,
[string]$login = $null
);
$CODEPAGE = "iso-8859-1";
$url_upload = "http://iksrv.ru/photo_update.html";
- Details
- Written by: Senka
- Category: Power Shell
- Hits: 1087
Get-ADGroupMember customers | %{$u1= $_; $gr = (get-adgroup call-operators).DistinguishedName; $u = get-aduser -filter {samaccountname -eq $u1.samaccountname -and (MemberOf -recursivematch $gr)} -property memberof; if (($u | measure).count -eq 0){write-host $u1.name -ForegroundColor green}}
- Details
- Written by: Senka
- Category: Power Shell
- Hits: 1107
Import-Modulet GroupPolicy
Function Get-AllGPO { Get-GPOReport -all -ReportType xml | %{ ([xml]$_).gpo | select name,@{n="SOMName";e={$_.LinksTo | % {$_.SOMName}}},@{n="SOMPath";e={$_.LinksTo | %{$_.SOMPath}}} } } #Get Gpo with name Turn* and display what OU is linked. Get-AllGPO | ? {$_.Name -like "*Turn*"} | ft