How can I do an AD file permissions audit before migrating to a new server

Jim 306 Reputation points
2023-08-03T17:16:14.03+00:00

I have a 10 year old 2012 Standard server that I am migrating to a new 2022 sever. The old one has a bunch of legacy stuff that I would like to clean up and verify. Namely I want to be sure the access to files in reality correlates to what the expectations are. There are a lot of directories, subdirectories, and files on this server. I would like to put together a spreadsheet that shows each directory and it's subdirectories without the files and what security groups have what kind of access. I have been trying a few PowerShell scripts, but not getting exactly what I'm after. I really feel I'm not the first person to need this, so, in order not to reinvent the wheel, thought I would ask here.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Anonymous
    2023-08-04T05:27:00.6666667+00:00

    Hi,

    You can get the permissions of the directories using the Get-Acl cmdlet and export the result to a csv file using Export-Csv. It can be something like this.

    $Dirs = @("C:\temp\a","C:\temp\b")
    $DirAcls=@()
    Get-ChildItem -Recurse -Directory -Path $Dirs | ForEach-Object { 
        $Path = $_.FullName
        (Get-Acl -Path $Path ).access| ForEach-Object {
            Add-Member -InputObject $_ -MemberType NoteProperty -Name "FullPath" -Value $path
            $DirAcls += $_
        }
    }
    $DirAcls | Export-Csv -NoTypeInformation -Path C:\temp\DirAcls.csv
    

    Best Regards,

    Ian Xue


    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.