When the script is done, it will tell you how many permissions were exported and where:
In the example below, I ran the Function with the -Output c:\temp\permissions.csv Parameter
StartOU, the start OU to scan including child OU’s, format it like ‘OU=Servers,DC=domain,DC=Local’. Output, enter the path to where the CSV file should be stored, e.g c:\temp\OU_ACL.csv. Some Built-In Security Identifiers were also not translated, translated using a Microsoft Docs page as input ( here)Īfter running the script, the Get-ActiveDirectoryOUpermissions function is available with two Parameters:. Luckily someone already wrote a function for that which I used in the script (Downloaded that from here) Some ObjectTypes were not translated to a friendly/more readable name. (For example, when Delegate Control was used for Helpdesk tasks like resetting/unlocking accounts etc.) Challengesĭuring the creation and testing of the Get-ActiveDirectoryOupermissions function, I ran into a few issues: Things like inheritance should be reported, and on what type of objects the permissions were given. 
The output should be stored in a CSV file for easy import in Excel or other tools which could report on the data. The script should scan all OUs in the Active Directory Domain, but you should also be able to specify a certain OU to start including all child OUs.
0 kommentar(er)
