About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like
Today one of my colleagues asked me to write a script that performs two actions for all users of a certain Organizational Unit:
Sounds like a PowerShell job, right?
I reused my function to set NTFS Permissions by SID:
```powershell
function SetNTFSPermissionsBySid([string]$directory, [System.DirectoryServices.DirectoryEntry]$objAD)
{
    # Convert byte array sid to sid string
    $sID = New-Object System.Security.Principal.SecurityIdentifier $objAD.objectsid[0],0

    # Inheritance (This Folder, Subfolders and Files)
    $inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $propagation = [system.security.accesscontrol.PropagationFlags]"None"

    # Retrieve the ACL
    $aCL = Get-Acl $directory

    # Create Ace
    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($sID, "Modify", $inherit, $propagation, "Allow")

    # Add Ace to Acl
    $aCL.AddAccessRule($accessRule)

    # Set Acl to the directory
    Set-Acl -aclobject $aCL -path $directory
}
```

And then I only needed to get the OU and do a foreach loop on its children:

```powershell
$OU = [ADSI]"LDAP://OU=TheOU,OU=Employees,DC=contoso,DC=com"

foreach ($User in $OU.Children)
{
    # Grant Modify Permissions to the user on his homedirectory as specified in AD
    SetNTFSPermissionsBySid $User.HomeDirectory $User

    # Unhide the user from the Exchange Address List
    $User.msExchHideFromAddressLists = $false
    $User.CommitChanges()
}
```
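The loop above trusts whatever `homeDirectory` contains in AD and grants Modify on it. The following is an added example, not code from the original post: it covers only the NTFS part of the loop, validates each child object and path before touching the ACL, and skips users who already have the right. `$homeRoot` is a hypothetical share root and the `SKIP`/`ALERT`/`OK`/`SET` output labels are made up for illustration.

```powershell
# Added example. $homeRoot is a hypothetical value; the OU path is the one used in the post.
$ou       = [ADSI]"LDAP://OU=TheOU,OU=Employees,DC=contoso,DC=com"
$homeRoot = '\\fileserver\home$\'
$modify   = [System.Security.AccessControl.FileSystemRights]::Modify
$inherit  = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propag   = [System.Security.AccessControl.PropagationFlags]"None"
$allow    = [System.Security.AccessControl.AccessControlType]::Allow

foreach ($entry in $ou.Children)
{
    $name = [string]$entry.sAMAccountName
    $path = [string]$entry.homeDirectory

    # An OU can also hold groups, contacts, computers and sub-OUs
    if ($entry.psbase.SchemaClassName -ne "user") { Write-Output "SKIP  $($entry.psbase.Name): not a user"; continue }
    if ([string]::IsNullOrEmpty($path))           { Write-Output "SKIP  ${name}: no homeDirectory set"; continue }

    # homeDirectory is a writable AD attribute: refuse anything outside the expected root
    $inRoot = $path.StartsWith($homeRoot, [System.StringComparison]::OrdinalIgnoreCase)
    if (-not $inRoot -or $path -match '(^|\\)\.\.(\\|$)')
    { Write-Output "ALERT ${name}: homeDirectory '$path' is outside $homeRoot"; continue }
    if (-not (Test-Path -LiteralPath $path -PathType Container))
    { Write-Output "SKIP  ${name}: '$path' does not exist"; continue }

    # Same SID conversion as in SetNTFSPermissionsBySid
    $sid = New-Object System.Security.Principal.SecurityIdentifier $entry.objectSid[0],0
    $acl = Get-Acl -LiteralPath $path

    # Idempotency: look for an explicit Allow ACE for this SID that already covers Modify
    $existing = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $sid.Value -and
                       $_.AccessControlType -eq $allow -and
                       ($_.FileSystemRights -band $modify) -eq $modify }
    if ($existing) { Write-Output "OK    ${name}: Modify already granted on $path"; continue }

    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, $modify, $inherit, $propag, $allow)
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $path -AclObject $acl
    Write-Output "SET   ${name}: granted Modify on $path"
}
```

Capturing the output to a file gives a record of every ACL that was changed and every `homeDirectory` value that pointed somewhere unexpected.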