5. Syntax

Syntax

ADACLScan.ps1 [[-Base] <String>] [[-Targets] <String>] [[-Filter] <String>] [[-Scope] <String>] [[-Server] <String>] [[-Port] <String>] [[-EffectiveRightsPrincipal] <String>][[-Output] <String>] [[-OutputFolder] <String>] [[-Template] <String>] [[-Returns] <String>] [-ExcelFile <String>] [-Criticality <String>] [-ShowCriticalityColor] [-SkipDefaults] [-SkipBuiltIn] [-RecursiveFind] [-RecursiveObjectType <String>] [-Translate] [-GPO] [-Show] [-SDDate] [-Owner] [-CanonicalNames] [-Protected] [-DefaultSecurityDescriptor] [-ObjectName <String>] [-OnlyModified] [-IncludeInherited] [-RAW] [-AccessType <String>] [-Permission <String>] [-ApplyTo <String>] [-FilterTrustee <String>] [<CommonParameters>]

Parameters

-Base <String>
    DistinguishedName to start your search at or type RootDSE for the domain root. Will be included in the result if your filter matches the object.

    Required?                    false
    Position?                    1
    Default value
    Accept pipeline input?       true (ByValue, ByPropertyName)
    Accept wildcard characters?  false

-Targets <String>
    Targets allows you to use a predefined search for specific objects

    Required?                    false
    Position?                    1
    Default value
    Accept pipeline input?       true (ByValue, ByPropertyName)
    Accept wildcard characters?  false

-Filter <String>
    Filter. Specify your custom filter. Default is OrganizationalUnit.

    Required?                    false
    Position?                    2
    Default value
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Scope <String>
    Scope. Set your scope. Default is base.

    Required?                    false
    Position?                    3
    Default value                base
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Server <String>
    Server. Specify your specific server to target your search at.

    Required?                    false
    Position?                    4
    Default value
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Port <String>
    Port. Specify your custom port.

    Required?                    false
    Position?                    5
    Default value
    Accept pipeline input?       false
    Accept wildcard characters?  false

-EffectiveRightsPrincipal <String>
    Specify the samAccountName of a security principal to check for its effective permissions

    Required?                    false
    Position?                    6
    Default value
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Output <String>
    Generates a HTML report, default is a CSV.

    Required?                    false
    Position?                    7
    Default value
    Accept pipeline input?       false
    Accept wildcard characters?  false

-OutputFolder <String>
    Output folder path for where results are written.

    Required?                    false
    Position?                    8
    Default value
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Template <String>
    Template to compare with.

    Required?                    false
    Position?                    9
    Default value
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Returns <String>
    Template to compare with.

    Required?                    false
    Position?                    9
    Default value                ALL
    Accept pipeline input?       false
    Accept wildcard characters?  false

-ExcelFile <String>
    Template to compare with.

    Required?                    false
    Position?                    named
    Default value
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Criticality <String>
    Filter on Criticality.

    Required?                    false
    Position?                    named
    Default value
    Accept pipeline input?       false
    Accept wildcard characters?  false

-ShowCriticalityColor [<SwitchParameter>]
    Show color of criticality

    Required?                    false
    Position?                    named
    Default value                False
    Accept pipeline input?       false
    Accept wildcard characters?  false

-SkipDefaults [<SwitchParameter>]
    Skip default permissions

    Required?                    false
    Position?                    named
    Default value                False
    Accept pipeline input?       false
    Accept wildcard characters?  false

-SkipBuiltIn [<SwitchParameter>]
    Skip Built-in security principals

    Required?                    false
    Position?                    named
    Default value                False
    Accept pipeline input?       false
    Accept wildcard characters?  false

-RecursiveFind [<SwitchParameter>]
    Expand groups

    Required?                    false
    Position?                    named
    Default value                False
    Accept pipeline input?       false
    Accept wildcard characters?  false

-RecursiveObjectType <String>
    Filter on Criticality.

    Required?                    false
    Position?                    named
    Default value                *
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Translate [<SwitchParameter>]
    Skip Built-in security principals

    Required?                    false
    Position?                    named
    Default value                False
    Accept pipeline input?       false
    Accept wildcard characters?  false

-GPO [<SwitchParameter>]
    Get Group Policy Objects linked

    Required?                    false
    Position?                    named
    Default value                False
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Show [<SwitchParameter>]
    Open HTML report

    Required?                    false
    Position?                    named
    Default value                False
    Accept pipeline input?       false
    Accept wildcard characters?  false

-SDDate [<SwitchParameter>]
    Include Security Descriptor modified date in report

    Required?                    false
    Position?                    named
    Default value                False
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Owner [<SwitchParameter>]
    Include Owner in report

    Required?                    false
    Position?                    named
    Default value                False
    Accept pipeline input?       false
    Accept wildcard characters?  false

-CanonicalNames [<SwitchParameter>]
    Include Canonical Names in report

    Required?                    false
    Position?                    named
    Default value                False
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Protected [<SwitchParameter>]
    Include if inheritance is disabled in report

    Required?                    false
    Position?                    named
    Default value                False
    Accept pipeline input?       false
    Accept wildcard characters?  false

-DefaultSecurityDescriptor [<SwitchParameter>]
    Scan Default Security Descriptor

    Required?                    false
    Position?                    named
    Default value                False
    Accept pipeline input?       false
    Accept wildcard characters?  false

-ObjectName <String>
    Filter Default Security Descriptor on ObjectName

    Required?                    false
    Position?                    named
    Default value                *
    Accept pipeline input?       false
    Accept wildcard characters?  false

-OnlyModified [<SwitchParameter>]
    Filter Default Security Descriptor on modified with version number higher than 1

    Required?                    false
    Position?                    named
    Default value                False
    Accept pipeline input?       false
    Accept wildcard characters?  false

-IncludeInherited [<SwitchParameter>]
    Include inherited permissions

    Required?                    false
    Position?                    named
    Default value                False
    Accept pipeline input?       false
    Accept wildcard characters?  false

-RAW [<SwitchParameter>]
    Returns ACE's in the format that .Net presents access permissions

    Required?                    false
    Position?                    named
    Default value                False
    Accept pipeline input?       false
    Accept wildcard characters?  false

-AccessType <String>
    Filter ACL for access type

    Required?                    false
    Position?                    named
    Default value
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Permission <String>
    Filter ACL for a specific permission

    Required?                    false
    Position?                    named
    Default value
    Accept pipeline input?       false
    Accept wildcard characters?  false

-ApplyTo <String>
    Filter ACL ObjectName

    Required?                    false
    Position?                    named
    Default value
    Accept pipeline input?       false
    Accept wildcard characters?  false

-FilterTrustee <String>
    Filter ACL for matching strings in Trustee

    Required?                    false
    Position?                    named
    Default value
    Accept pipeline input?       false
    Accept wildcard characters?  false

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

5. Syntax

Syntax

Parameters

Clone this wiki locally