Audit permissions

André Borgeld 431 Reputation points
2022-12-06T10:54:25.713+00:00

Dear people,

I have the following code. Now I get the groups on the fileshare with permissions, but how can I change this to get a column with the AD group members?

$FolderPath = dir -Directory -Path "\\Fileshare\File" -Force # -Recurse possible
$Report = @()
ForEach ($Folder in $FolderPath) {
    $Acl = Get-Acl -Path $Folder.FullName

    foreach ($Access in $Acl.Access)
        {
            $Properties = [ordered]@{'FolderName'=$Folder.FullName;'AD Group or User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
            $Report += New-Object -TypeName PSObject -Property $Properties
        }
}
# -NoTypeInformation keeps the "#TYPE" header line out of the CSV on Windows PowerShell 5.1
$Report | Export-Csv -Delimiter ';' -Path "C:\Temp\permissions.csv" -NoTypeInformation

Accepted answer
  1. Anonymous
    2022-12-07T07:07:53.52+00:00

    Hi @André Borgeld ,

    You can use the Get-ADGroupMember cmdlet to get the AD group members and join the names into a single string because an array cannot be stored in the csv file.

    Import-Module ActiveDirectory
    # Read the NetBIOS domain name once (not once per ACE) and escape it, because -replace takes a regex
    $DomainPrefix = '^' + [regex]::Escape((Get-ADDomain).NetBIOSName) + '\\'
    $FolderPath = dir -Directory -Path "\\Fileshare\File" -Force # -Recurse possible
    $Report = @()
    ForEach ($Folder in $FolderPath) {
        $Acl = Get-Acl -Path $Folder.FullName
        foreach ($Access in $Acl.Access)
        {
            try {
                # Strip the DOMAIN\ prefix; the lookup throws when the identity is not an AD group
                $GroupMember = Get-ADGroupMember ($Access.IdentityReference.Value -replace $DomainPrefix) -ErrorAction Stop
                $Properties = [ordered]@{'FolderName'=$Folder.FullName;'AD Group or User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited;'Group Member'=$GroupMember.Name -join ','}
            }
            catch {
                # Users, built-in and local principals: leave the member column empty
                $Properties = [ordered]@{'FolderName'=$Folder.FullName;'AD Group or User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited;'Group Member'=''}
            }
            $Report += New-Object -TypeName PSObject -Property $Properties
        }
    }
    $Report | Export-Csv -Delimiter ';' -Path "C:\Temp\permissions.csv" -NoTypeInformation
    

    Best Regards,
    Ian Xue
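
For an access review, the same report can resolve each ACE by SID and expand nested groups. The following is an added example, not code from the answer above; it goes further than the answer by labelling non-domain and orphaned principals instead of leaving them blank. `Resolve-AceMember` and the `Principal Type` column are hypothetical names, and the share and CSV paths are the ones used in the question.

```powershell
# Added example, not the answerer's code. Resolve-AceMember is a hypothetical helper name.
Import-Module ActiveDirectory

$DomainSid = (Get-ADDomain).DomainSID.Value  # queried once, not once per ACE
$Cache     = @{}                             # SID -> result, so each principal is looked up once

function Resolve-AceMember {
    param($Identity)   # the ACE's IdentityReference (NTAccount or SecurityIdentifier)
    try   { $Sid = $Identity.Translate([System.Security.Principal.SecurityIdentifier]).Value }
    catch { return [pscustomobject]@{ Type = 'Unmapped'; Members = '' } }
    if ($Cache.ContainsKey($Sid)) { return $Cache[$Sid] }

    $Type = 'NonDomain'; $Members = ''       # BUILTIN\*, NT AUTHORITY\*, local or foreign accounts
    if ($Sid.StartsWith("$DomainSid-")) {
        $Obj = Get-ADObject -Filter "objectSid -eq '$Sid'"
        if (-not $Obj) {
            $Type = 'Orphaned'               # SID from this domain with no object behind it
        }
        elseif ($Obj.ObjectClass -eq 'group') {
            $Type = 'Group'
            try {
                # -Recursive expands nested groups down to the leaf accounts
                $Members = (Get-ADGroupMember -Identity $Sid -Recursive -ErrorAction Stop |
                            Sort-Object SamAccountName -Unique).SamAccountName -join ','
            }
            catch { $Members = "LOOKUP FAILED: $($_.Exception.Message)" }
        }
        else { $Type = $Obj.ObjectClass }    # user, computer, ...
    }
    $Cache[$Sid] = [pscustomobject]@{ Type = $Type; Members = $Members }
    return $Cache[$Sid]
}

$Report = foreach ($Folder in Get-ChildItem -Directory -Path '\\Fileshare\File' -Force) {
    foreach ($Access in (Get-Acl -Path $Folder.FullName).Access) {
        $Resolved = Resolve-AceMember -Identity $Access.IdentityReference
        [pscustomobject]@{
            'FolderName'       = $Folder.FullName
            'AD Group or User' = $Access.IdentityReference.Value
            'Principal Type'   = $Resolved.Type
            'Permissions'      = $Access.FileSystemRights
            'Inherited'        = $Access.IsInherited
            'Group Member'     = $Resolved.Members
        }
    }
}
$Report | Export-Csv -Delimiter ';' -Path 'C:\Temp\permissions.csv' -NoTypeInformation
```

Rows with `Principal Type` of `Orphaned` are ACEs whose account no longer exists in the domain, which makes them candidates for cleanup during the review.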


1 additional answer

  1. André Borgeld 431 Reputation points
    2022-12-08T10:13:18.25+00:00

    Thank you @Anonymous for this and for the explanation.
    It works like a charm.
