question

DeyanKochev avatar image
0 Votes"
DeyanKochev asked LimitlessTechnology-2700 answered

PowerShell: Mirror user permissions on a share based on CSV

Hello guys,

I need some help with a script, that should match the permissions for user accounts from an excel csv file (with delimeter) and mirror them. We have two columns, and the permissions that are assigned on the shared folder for the users in the first column need to be mirrored to the users in the second column. Could you please take a look at the code and let me know, what I have done wrong because I am lost at the moment :)

 #region Variables 
 $FolderPath = "C:\Temp" 
 $ErrorActionPreference = "SilentlyContinue" 
 #endregion 
      
 #Read the users and store them 
 $Users = Import-Csv -Path "C:\Temp\Users.csv" -Delimiter "," 
      
 #Create a hash table with the values (Key = Arctic, Value = ASH) 
 $HashTable=@{} 
 foreach($row in $Users) 
 { 
     $HashTable[$row.Arctic]=$row.ASH 
 } 
      
 #Get folder structure 
 $Folders = Get-ChildItem -Directory -Path $FolderPath -Recurse -Force 
      
 #Traverse folder 
 Foreach ($Folder in $Folders) { 
      
     #Get Folder ACL 
     $FolderAcl = Get-Acl -Path $Folder.FullName 
      
     ForEach ($Access in $FolderAcl.Access) { 
      
         #Get the current user Identity 
         $DomainUser = $FolderAcl.Access.IdentityReference            
      
         #Get the index of the separator 
         $s = $DomainUser.IndexOf("\") 
      
         #Trim the user 
         $User = $DomainUser.Substring($s+1) 
      
     
         if ($HashTable.ContainsKey($User)) {  
      
             #Get the corrsponding ASH userfrom the hashtable 
             $ASHUser = $Hashtable.GetEnumerator() | where {$_.Key -eq $User } 
                 
             $AccessControlType1 = $Access.AccessControlType 
             $IdentityReference1 = $Access.IdentityReference 
             $IsInherited1 = $Access.IsInherited 
             $InheritanceFlags1 = $Access.InheritanceFlags 
             $PropagationFlags1 = $Access.PropagationFlags 
            
      
             $NewACL = New-Object  system.security.accesscontrol.filesystemaccessrule("$ASHUser","$AccessControlType1","$IdentityReference1","$IsInherited1","$InheritanceFlags1","$PropagationFlags1")         
                 
             $FolderAcl.SetAccessRule($NewACL) 
      
             Set-acl -Path $Folder.FullName -AclObject $FolderAcl  
         } 
    } 
      
 } 


When I run the script, I receive no error, but no permissions are mirrored as well

windows-server-powershell
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

When I run the script, I receive no error, but no permissions are mirrored as well

Remove the $ErrorActionPreference and let the script crash.

Add in Write-Host statements so that you can see what folder and what user you are processing. If the hashtable does not contain the user write that out too so that can verify that you are parsing the name correctly.

1 Vote 1 ·

1 Answer

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hello @DeyanKochev,

Thank you for your question.

Please follow these steps, it will help you:

1 Open the Powershell ISE → Create a new script using the following code → Specify the path to the folder of interest and where the result must be exported:

$FolderPath = dir -Directory -Path "\\fs1\Shared" -Recurse -Force
$Report = @()
Foreach ($Folder in $FolderPath) {
$Acl = Get-Acl -Path $Folder.FullName
foreach ($Access in $acl.Access)
{
$Properties = [ordered]@{'FolderName'=$Folder.FullName;'AD
Group or
User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
$Report += New-Object -TypeName PSObject -Property $Properties
}
}
$Report | Export-Csv -path "C:\data\FolderPermissions.csv"

2 Run the script.

3 Open the file produced by the script in MS Excel.




If the reply was helpful, please don't forget to upvote or accept as answer.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.