6. Examples
Robin Granberg edited this page Aug 28, 2022 · 1 revision
-------------------------- EXAMPLE 1 --------------------------
PS > .\ADACLScan.ps1
Starts in GUI mode.
-------------------------- EXAMPLE 2 --------------------------
PS > .\ADACLScan.ps1 -Base "OU=CORP,DC=CONTOS,DC=COM"
Returns the permissions of the object CORP.
-------------------------- EXAMPLE 3 --------------------------
PS > .\ADACLScan.ps1 -Base rootdse
Returns the ACL of the domain root.
-------------------------- EXAMPLE 4 --------------------------
PS > .\ADACLScan.ps1 -Base "OU=CORP,DC=CONTOS,DC=COM" -Credentials $CREDS -Server 10.0.0.20
Returns the permissions of the object CORP using credentials on Domain Controller 10.0.0.20.
-------------------------- EXAMPLE 5 --------------------------
PS > .\ADACLScan.ps1 -Base "OU=CORP,DC=CONTOS,DC=COM" -Output HTML
Creates an HTML file with the permissions of the object CORP.
-------------------------- EXAMPLE 6 --------------------------
PS > .\ADACLScan.ps1 -Base "OU=CORP,DC=CONTOS,DC=COM" -Output EXCEL
Creates an Excel file with the permissions of the object CORP.
-------------------------- EXAMPLE 7 --------------------------
PS > .\ADACLScan.ps1 -Base "OU=CORP,DC=CONTOS,DC=COM" -Output HTML -Show
Opens the HTML (HTA) file with the permissions of the object CORP.
-------------------------- EXAMPLE 8 --------------------------
PS > .\ADACLScan.ps1 -Base "OU=CORP,DC=CONTOS,DC=COM" -Output HTML -Show -SDDate
Opens the HTML (HTA) file with the permissions of the object CORP including the modified date of the security descriptor.
-------------------------- EXAMPLE 9 --------------------------
PS > .\ADACLScan.ps1 -Base "OU=CORP,DC=CONTOS,DC=COM" -OutputFolder C:\Temp
Creates a CSV file in the folder C:\Temp with the permissions of the object CORP.
-------------------------- EXAMPLE 10 --------------------------
PS > .\ADACLScan.ps1 -Base "OU=CORP,DC=CONTOS,DC=COM" -Scope subtree
Creates a CSV file with the permissions of the object CORP and all child objects of type OrganizationalUnit.
-------------------------- EXAMPLE 11 --------------------------
PS > .\ADACLScan.ps1 -Base "OU=CORP,DC=CONTOS,DC=COM" -Scope subtree -EffectiveRightsPrincipal joe
Creates a CSV file with the effective permissions of all the objects in the path for the user "joe".
-------------------------- EXAMPLE 12 --------------------------
PS > .\ADACLScan.ps1 -Base "OU=CORP,DC=CONTOS,DC=COM" -Scope subtree -Filter "(objectClass=user)"
Creates a CSV file with the permissions of all the objects in the path and below that match the filter (objectClass=user).
-------------------------- EXAMPLE 13 --------------------------
PS > .\ADACLScan.ps1 -Base "OU=CORP,DC=CONTOS,DC=COM" -Scope subtree -Filter "(objectClass=user)" -Server DC1
Targeted search against server "DC1" that creates a CSV file with the permissions of all the objects in the path and below that match the filter (objectClass=user).
-------------------------- EXAMPLE 14 --------------------------
PS > .\ADACLScan.ps1 -Base "OU=CORP,DC=CONTOS,DC=COM" -Scope subtree -Filter "(objectClass=user)" -Server DC1 -Port 389
Targeted search against server "DC1" on port 389 that creates a CSV file with the permissions of all the objects in the path and below that match the filter (objectClass=user).
-------------------------- EXAMPLE 15 --------------------------
PS > .\ADACLScan.ps1 -Base "ou=mig,dc=contoso,dc=com" -Output CSVTEMPLATE
Creates a CSV file in a format adapted for comparing.
-------------------------- EXAMPLE 16 --------------------------
PS > .\ADACLScan.ps1 -Base "ou=mig,dc=contoso,dc=com" -Template C:\Scripts\mig_CONTOSO_adAclOutput20220722_182746.csv
Produces output that shows the state of each ACE on the object compared with the CSV template.