Tag Archives: Import

Empty ADGroup

Script reads old group name and new group name from CSV file.  The processes data from XML and PS1 file. It exports the previous rights to a CSV file in the subdir CSVfiles. Needs XML and CSV files.

PS1:

$xmlConfigfile = ".EmptyADgroup.xml"

	While (((Test-Path $xmlConfigfile) -eq $false) -or ($NoXML)){
		[System.Windows.Forms.MessageBox]::Show("ERROR: $xmlConfigfile not found!")
	write-host De XML file kan niet gevonden worden -F Red
	If (!($psISE)){"Press any key to continue...";[void][System.Console]::ReadKey($true)}
	exit
	}

	If (-not ($CSV -and $Header -and $Migrated -and $Domain -and $OUlocal1 - $OUlocal2 -and $OUGlobal1 -and $OUGlobal2)) {
		$xml = get-content $xmlConfigfile
		If (-not $CSV) {$CSV = $xml.Config.Settings.CSV}
		If (-not $Header) {$Header = $xml.Config.Settings.Header}
		If (-not $Migrated) {$Migrated = $xml.Config.Settings.Migrated}
		}

Import-Module ActiveDirectory

		While (((Test-Path $CSV) -eq $false) -or ($NoCSV)){
		[System.Windows.Forms.MessageBox]::Show("ERROR: $xmlConfigfile not found!")
	write-host De CSV file kan niet gevonden worden -F Red
	If (!($psISE)){"Press any key to continue...";[void][System.Console]::ReadKey($true)}
	exit
	}

$list = @(import-csv -Delimiter ';' $CSV)
write-host ".CSV file contains" $list.count " lines." -F Yellow -B DarkCyan
$list[0]

if ($error.count -ne 0)

{
	write-host "An error occurred during the operation. Details follow:"
	$error[0].categoryInfo
	$error[0].invocationinfo
	write-host "=========================================================="
	write-host "Quit due to an error" -Fore Red
	Exit
}
else
{
	#"Successfully opened .CSV file..."
}

#Loop through .CSV file
foreach($entry in $list)

{
	# Reset the variable to make sure that they are clean before processing a user.
	$Oldgroup=$entry.OldGroup
	$NewGroup=$entry.NewGroup

	if ($Oldgroup -ne $null){$CSVExportFile = ($Oldgroup+".csv")}

		While (((Test-Path ".CSVFiles$CSVExportFile") -ne $false) -or ($NoCSVExportFile)){
		[System.Windows.Forms.MessageBox]::Show("ERROR: $CSVExportFile already exists!")
	write-host Het CSV bestande $CSVExportFile bestaat al -F Red
	If (!($psISE)){"Press any key to continue...";[void][System.Console]::ReadKey($true)}
	exit
	}
	write-host "Er wordt een export gemaakt van de groep $Oldgroup" -b DarkCyan -f Yellow
	$lijst = get-adgroupmember	 $Oldgroup -recursive

	Add-content -Value $Header -Path ".CSVFiles$CSVExportFile"

	foreach ($item in $lijst){
	$Outinfo = $Oldgroup + ";" + $item.samaccountname
	Add-content -Value $Outinfo -Path ".CSVFiles$CSVExportFile"}

			While (((Test-Path ".CSVFiles$CSVExportFile") -eq $false) -or ($NoCSVExportFile)){
		[System.Windows.Forms.MessageBox]::Show("ERROR: $CSVExportFile not found!")
	write-host Het CSV bestand $CSVExportFile is niet weggeschreven -F Red
	If (!($psISE)){"Press any key to continue...";[void][System.Console]::ReadKey($true)}
	exit
	}
	write-host "De export is gemaakt van de groep $Oldgroup op locatie .CSVFiles$CSVExportFile" -b DarkCyan -f Yellow
	write-host "De users in de groep $Oldgroup worden nu uit de groep gehaald" -b DarkCyan -f Yellow
	foreach ($item in $lijst){

	Remove-ADGroupMember $oldgroup -Members $item.samaccountname -Confirm:$false
	}

	$lijst = get-adgroupmember $Oldgroup -recursive
	if ($lijst -ne $null) {write-host "Niet alle users zijn uit de groep $oldgroup gehaald" -b Black -f Red}
	if ($lijst -eq $null) {write-host "Alle users zijn uit de groep $oldgroup gehaald" -b DarkCyan -f Yellow}
	if ($lijst -eq $null) {$Description = get-adgroup "ALC_APL_mibores" -Properties * | ForEach-Object {$_.Description}}
	$AddDescription = "$Migrated $Newgroup |"
	$Description = [string]$description
	$Description = ($AddDescription+$description)
	if ($lijst -eq $null) {Set-ADGroup $Oldgroup -Description $Description}

	}

XML:

<Config> 
  <Settings>
	<CSV>.EmptyADgroup.csv</CSV>
	<Header>Group;sAMaccountname</Header>
	<Migrated>Deze Groep is gemigreerd naar de groep</Migrated>
  </Settings>
</Config>

CSV:

Oldgroup;Newgroup
Oldgroup;Newgroup

ZIP:

EmptyADgroup

 

Get Inherited Permission

Script reads DFS Location from host. Script reads ADuser from host. Script checks whether DFS location and User specified are correct. Then checks how the user have access to the folder and what NTFS rights the user has.

PS1:

#Load Active Directory modules
Import-Module ActiveDirectory 
Clear-host
$Locatie = Read-Host "Voer de DFS Locatie in in UNC Format bijvoorbeeld:\gemeentenet.localdfsdeelnemerfolder"
While ((Test-Path $Locatie) -ne $true){
write-host "De opgegeven locatie bestaat niet. Voor opnieuw in" -b Black -f Red
$Locatie = Read-Host "Voer de DFS Locatie in in UNC Format bijvoorbeeld:\gemeentenet.localdfsdeelnemerfolder"
While ((Test-Path $Locatie) -ne $true){
	[System.Windows.Forms.MessageBox]::Show("ERROR: $locatie bestaat niet. Het script is beeindigd!")
	write-host De $locatie bestaat niet. Voer het script opnieuw uit! -F Red
	If (!($psISE)){"Press any key to continue...";[void][System.Console]::ReadKey($true)}}}
$User = Read-Host "Voer de User in in sAMaccountname Format bijvoorbeeld:othsbe02"
$testresult = get-aduser $User
If ($testresult -eq $null){
write-host "De opgegeven User bestaat niet. Voor opnieuw in" -b Black -f Red
$User = Read-Host "Voer de User in in sAMaccountname Format bijvoorbeeld:othsbe02"
$testresult = get-aduser $User
if ($testresult -eq $null){
	[System.Windows.Forms.MessageBox]::Show("ERROR: $User bestaat niet. Het script is beëindigd!")
	write-host De $User bestaat niet. Voer het script opnieuw uit! -F Red
	If (!($psISE)){"Press any key to continue...";[void][System.Console]::ReadKey($true)}}}
$Folders = @()
$Folders = get-item $locatie  | where {$_.psiscontainer -eq $true}
$outfile = ".temp.csv"
$Header = "Folder Path;IdentityReference;AccessControlType;IsInherited;InheritanceFlags;PropagationFlags;Filesystemrights"
Add-Content -Value $Header -Path $OutFile 
foreach ($Folder in $Folders){
	$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access  }
	Foreach ($ACL in $ACLs){
	$OutInfo = $Folder.Fullname + ";" + $ACL.IdentityReference  + ";" + $ACL.AccessControlType + ";" + $ACL.IsInherited + ";" + $ACL.InheritanceFlags + ";" + $ACL.PropagationFlags + ";" + $ACL.FileSystemRights
	Add-Content -Value $OutInfo -Path $OutFile	
	}}

	$CSVImport = import-csv $outfile -delimiter ";"	
	$list1 = @()
	foreach ($item in $CSVImport){
	$identity = $item.Identityreference.replace("GEMEENTENET","")
	if ($item -match "BUILTIN" -and $item -match "Users"){$identity = $item.Identityreference
	$temp1 = Get-ADGroupmember -identity "Domain Users" -recursive |ForEach-Object {$_.sAMaccountname}}

	if ($item -notmatch "Builtin" -and $item -notmatch "NT AUTHORITY" -and $item -notmatch "CREATOR"){
	$temp1 = Get-ADGroupmember $identity -recursive |ForEach-Object {$_.sAMaccountname} }

	if ($item -match "BUILTINAdministrators"){$identity = $item.Identityreference.replace("BUILTIN","")
	$temp1 = Get-ADGroupmember $identity -recursive |ForEach-Object {$_.sAMaccountname} }
	foreach ($line in $temp1){$list1 += $line + ";" + $identity + ";" + $item.FileSystemRights}
	$result = $list1 |? {$user -contains $_}}

$print = $list1 -match $user
$print | sort -unique
remove-item $outfile

ZIP:

 

Restore exported ACL on folder

Import-Module ActiveDirectory

$csv = gci .CSVFiles* -Include *.csv

$list += import-csv $CSV -Delimiter ';'
foreach ($entry in $list){
$Folderpath=$entry.'Folder path'
$Identity=$entry.IdentityReference
$AccessControlType=$entry.AccessControlType
$IsInherited=$entry.IsInherited
$Inheritanceflags=$entry.InheritanceFlags
$PropagationFlags=$entry.PropagationFlags
$FileSystemRights=$entry.FileSystemRights

$OldACL = get-acl $Folderpath
$Newpermission = ($Identity,$FileSystemRights,$Inheritanceflags,$PropagationFlags,$AccessControlType)
write-host $Newpermission
$AccessRule = new-object System.Security.AccessControl.FileSystemAccessRule $NewPermission
$OldACL.SetAccessRule($AccessRule)
$OldAcl | Set-ACL $Folderpath