Share via

How to get owner and group name with only path for dish folder

BartekB93 1 Reputation point
2022-10-22T11:33:20.96+00:00

I wonder if it is possible to get the name of the security group that is associated with a given path in network folders, e.g. N: \ DLSI \ Exmaple. Additionally, am I able to obtain the owner of this particular security group?

Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,462 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. MotoX80 32,911 Reputation points
    2022-10-22T12:33:15.56+00:00

    Use get-acl to display the owner and the NTFS permissions that have been applied. 

    (get-acl "C:\Temp\").owner  
(get-acl "C:\Temp\").access
    0 comments
  2. BartekB93 1 Reputation point
    2022-10-24T06:41:00.907+00:00

    This is working but takes data from NTFS premmision, i try to find out the name of the security group at Active directory.

    0 comments
  3. MotoX80 32,911 Reputation points
    2022-10-24T13:42:46.107+00:00

    Well you still need to look at the NTFS permissions to get the name of the AD group. I assume that you are looking for the ManagedBy property. I do not have access to an AD environment to test with, so you will need adjust the Get-ADGroup cmdlet to fit your environment. 

    (get-acl "N:\DLSI" ).access | foreach {  
    "Testing {0}" -f $_.identityreference  
    $id = $_.identityreference.tostring().split("\")                # expecting BUILTIN\Administrators or domain\group   
    if ($id.count -ne 2) {  
        "This can't be a domain group."  
        return  
    }  
    if ($id[0] -match "BUILTIN|NT AUTHORITY|NT SERVICE") {               # look for local identity  
        "Skipping local identity."  
        return  
    }   
    "This looks like a domain entry."  
    "Domain name is {0]" -f $id[0]  
    "This could be a group or user: {0}" -f $id[1]  
    $group = Get-ADGroup -identity $id[1] -properties *      # See https://lazyadmin.nl/powershell/get-adgroup/  
    if ($group) {  
        "We have an object."  
        "It's managedby property is {0}" -f $group.managedby  
    } else {  
        "We didn't find a group."  
    }  
}
    0 comments
  4. Limitless Technology 44,121 Reputation points
    2022-10-25T14:44:41.373+00:00

    Hello,

    The basic way to determine this is to scan all your folders and shares, get the permissions for each, then filter those perms for the Security groups of interest.
    In a small data environment, this isn't too bad.
    In a large data environment, it's much more complex and probably needs a lot of planning.

    Let's say your main datastore is \server\share1.

    in Powershell run:

    $folders = gci -path \server\share1 -force -recurse -directory |select -exp FullName
    foreach ($folder in $folders) {
    $rights = (Get-ACL $folder).Access|where {$_.IdentityReference -eq "$MyGroup"}

    Do something with this data.

    }

    $rights will have their info if they're accessed to the folder.
    You have more work if there are multiple groups of interest; if you're lucky, they'll be named similarly and you can use a "-like" filter with wildcards.

    ---------------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--