I am trying to automate a network wide (about 2.4 million folders) search for those folders, what Active Directory groups have access to them, and what type of access that is.
I have code that does the above, but it does it for every item on the folders, except the ones that I filter out with code such as:
$ACLs = Get-Acl $Folder.FullName |
ForEach-Object {$_.Access} |
Where {$_.IdentityReference -notlike "*BUILTIN*" -and $_.IdentityReference -notlike "*NT AUTHORITY*"}
There are more in my list of "Where" statements, and this works ok, but I would like to only show Groups, and not User accounts.
Some testing script I've started for checking one folder is as follows:
(Get-Acl "\\Server\FilePath").Access |
Select-Object FileSystemRights,AccessControlType,IdentityRefernece
Where {$_.IdentityReference -notlike "*BUILTIN*" -and $_.IdentityReference -notlike "*NT AUTHORITY*"}
This gives me a list of Users and Groups, along with their access to that folder.
My question is: How do I filter out for only showing Groups for this kind of folder permission information gathering?
↧
Powershell Filter For Active Directory Groups Only.
↧