How can I do an AD file permissions audit before migrating to a new server

Question

I have a 10 year old 2012 Standard server that I am migrating to a new 2022 sever. The old one has a bunch of legacy stuff that I would like to clean up and verify. Namely I want to be sure the access to files in reality correlates to what the expectations are. There are a lot of directories, subdirectories, and files on this server. I would like to put together a spreadsheet that shows each directory and it's subdirectories without the files and what security groups have what kind of access. I have been trying a few PowerShell scripts, but not getting exactly what I'm after. I really feel I'm not the first person to need this, so, in order not to reinvent the wheel, thought I would ask here.

Answer 1

Hi,

You can get the permissions of the directories using the Get-Acl cmdlet and export the result to a csv file using Export-Csv. It can be something like this.

$Dirs = @("C:\temp\a","C:\temp\b")
$DirAcls=@()
Get-ChildItem -Recurse -Directory -Path $Dirs | ForEach-Object { 
    $Path = $_.FullName
    (Get-Acl -Path $Path ).access| ForEach-Object {
        Add-Member -InputObject $_ -MemberType NoteProperty -Name "FullPath" -Value $path
        $DirAcls += $_
    }
}
$DirAcls | Export-Csv -NoTypeInformation -Path C:\temp\DirAcls.csv

Best Regards,

Ian Xue

---

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.