Vista Forums - View Single Post

08-27-2008

wholey smokes... that is quite a lot of parsing

Not sure about Get-ADPermission

But this works for me (using my Get-ADAcl.ps1 script from my blog)

Get-Qadobject -ldapFilter "Objectclass=*" -IncludedProperties 1.1 -size 0
| %{.\Get-ADACL.ps1 $_.dn}

Brandon Shell
---------------
Blog: http://www.bsonposh.com/
PSH Scripts Project: www.codeplex.com/psobject

W> hi,
W>
W> i need to loop through all ad objects to find if a user has rights to
W> anything. the object could be user, ou, computer, or anything in AD.
W>
W> i am quite familiar with get-adpermission cmdlet and use it all the
W> time. however, it only accepts 1 DN. is there a way using powershell
W> to start at root of AD (or start at a specific DN) and loop through
W> all children and list rights a user has for everything below?
W>
W> thank you.
W>

08-27-2008	#2 (permalink)
Brandon Shell [MVP] n/a posts	Re: loop through all ad objects wholey smokes... that is quite a lot of parsing Not sure about Get-ADPermission But this works for me (using my Get-ADAcl.ps1 script from my blog) Get-Qadobject -ldapFilter "Objectclass=*" -IncludedProperties 1.1 -size 0 \| %{.\Get-ADACL.ps1 $_.dn} Brandon Shell --------------- Blog: http://www.bsonposh.com/ PSH Scripts Project: www.codeplex.com/psobject W> hi, W> W> i need to loop through all ad objects to find if a user has rights to W> anything. the object could be user, ou, computer, or anything in AD. W> W> i am quite familiar with get-adpermission cmdlet and use it all the W> time. however, it only accepts 1 DN. is there a way using powershell W> to start at root of AD (or start at a specific DN) and loop through W> all children and list rights a user has for everything below? W> W> thank you. W>
My System Specs