Create ACL groups

Post by Tech-IT- »

I am not an expert.
I copied folders from two different servers in different domains.

Unfortunately, the folders on the destination server cannot be reached by the users because the ACL groups copied by robocopy are present in the source domain and cannot be managed at the destination domain.

To solve the problem I should create new local groups (L) at the destination domain and populate them with the correct users (of the source).

The lucky thing is that in the destination domain there are "mirror" groups (they have the same name having the same users >>> change only the last suffixes <<<<).
I can get the name of the group by using the name of each folder (present in the destination) and adding it in between the 2 fixed suffixes.
I.e., if the name of the folder is "financialtax", it can be added in between the two suffixes, L. and Write/Read, to generate the group name.

"L.financialtax_Write"
"L.financialtax_Read"

I was trying to create a script that:

1) given a path (folder path), parses each folder and sub-folder to catch each "folder name" and adds it in between the standard suffixes by a variable ($FolderName).

L.$FolderName_Write
L.$FolderName_Read

2) checks those groups (if they are present in the destination domain) and, if they exist, adds them to the folder's ACL groups.

I adapted a script below …but it doesn't work properly.
It removes the groups present (when created) and replaces them with the groups generated by the script instead of adding them.
Another issue is the inheritance. The groups present in the parent folder should be propagated within each individual subfolder until the last file (but it doesn't happen).

-----------------------------

# Get-ADGroup comes from the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory

function Set-ACLRecursive {
    param (
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        [System.IO.DirectoryInfo]$Folder
    )

    # Get the folder name
    $FolderName = $Folder.Name

    # Build the name of the groups
    # (braces are required: "$FolderName_Read" would look up a variable named $FolderName_Read)
    $ReadGroupName = "L.${FolderName}_Read"
    $WriteGroupName = "L.${FolderName}_Write"

    # Get group SID
    $ReadGroupSID = (Get-ADGroup $ReadGroupName).SID
    $WriteGroupSID = (Get-ADGroup $WriteGroupName).SID

    # Set the ACL permissions for the folder
    $ACL = Get-Acl -Path $Folder.FullName
    $ACL.SetAccessRuleProtection($true, $false) # Removes permissions
    $ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($ReadGroupSID, "ReadAndExecute", "ContainerInherit,ObjectInherit", "None", "Allow")))
    $ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($WriteGroupSID, "Modify", "ContainerInherit,ObjectInherit", "None", "Allow")))
    Set-Acl -Path $Folder.FullName -AclObject $ACL

    # Set ACL permissions for the sub-folders
    foreach ($SubFolder in $Folder.GetDirectories()) {
        Set-ACLRecursive $SubFolder
    }
}

# Path of the root folder
$RootFolder = "C:\path\folder"

# Function call to start scanning
Set-ACLRecursive (Get-Item $RootFolder)
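
An added example, not part of the original post: one way to add the mirror-group entries on top of each folder's existing ACL instead of replacing it, with inheritance left enabled. The function name `Add-MirrorGroupAcl` and the `-RestoreInheritance` switch are hypothetical, and the lookup assumes the generated names are the groups' sAMAccountName values.

```powershell
#Requires -Modules ActiveDirectory

function Add-MirrorGroupAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$RootFolder,
        # Re-enable inheritance on sub-folders whose ACL was protected earlier
        [switch]$RestoreInheritance
    )

    $root    = Get-Item -LiteralPath $RootFolder
    $folders = @($root) + @(Get-ChildItem -LiteralPath $root.FullName -Directory -Recurse)

    # Apply each entry to this folder, its sub-folders and its files
    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $allow     = [System.Security.AccessControl.AccessControlType]::Allow

    foreach ($folder in $folders) {
        $name    = $folder.Name
        $acl     = Get-Acl -LiteralPath $folder.FullName
        $changed = $false

        # The root keeps its current protection setting; only sub-folders are reset
        if ($RestoreInheritance -and $acl.AreAccessRulesProtected -and
            $folder.FullName -ne $root.FullName) {
            $acl.SetAccessRuleProtection($false, $false)
            $changed = $true
        }

        # ${name} needs braces: "$name_Read" would read a variable called $name_Read
        $wanted = [ordered]@{
            "L.${name}_Read"  = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
            "L.${name}_Write" = [System.Security.AccessControl.FileSystemRights]::Modify
        }
        foreach ($groupName in $wanted.Keys) {
            # -Filter returns nothing (instead of throwing) when the group is absent
            $group = Get-ADGroup -Filter "SamAccountName -eq '$groupName'"
            if (-not $group) { Write-Verbose "No group $groupName for $($folder.FullName)"; continue }
            $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
                $group.SID, $wanted[$groupName], $inherit, $propagate, $allow)
            $acl.AddAccessRule($rule)   # merges with the entries already on the folder
            $changed = $true
        }

        if ($changed -and $PSCmdlet.ShouldProcess($folder.FullName, 'Update ACL')) {
            Set-Acl -LiteralPath $folder.FullName -AclObject $acl
        }
    }
}
```

Running it with `-WhatIf -Verbose` first lists the folders that would be changed and the group names that were not found, without writing any ACL.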