0

I have been getting the full permissions applied to a user in AD, through the Security tab in the user's properties in AD. Also, I want to get the displayname, samaccountname and employeeID attributes too. How can I do that?

Thanks,

```powershell
Get-ADUser -Filter * | %{(Get-ACL "AD:$($_.distinguishedname)").access}
```
Arbelac

1 Answer

1

I guess what you are after is something like this:

```powershell
Get-ADUser -Filter * -Properties DisplayName, EmployeeID |
Select-Object DisplayName, SamAccountName, EmployeeID,
              @{Name = 'Permissions'; Expression = {(Get-ACL "AD:$($_.DistinguishedName)").Access}}
```

Not knowing exactly what you want in the output, here's what you can do as an alternative:

```powershell
Get-ADUser -Filter * -Properties DisplayName, EmployeeID |
ForEach-Object {
    $permissions = foreach ($perm in (Get-ACL "AD:$($_.DistinguishedName)").Access) {
        '{0}: {1}' -f $perm.AccessControlType, $perm.IdentityReference
    }
    [PsCustomObject]@{
        DisplayName    = $_.DisplayName
        SamAccountName = $_.SamAccountName
        EmployeeID     = $_.EmployeeID
        Permissions    = ($permissions | Sort-Object -Unique) -join [environment]::NewLine
    }
}
```
Theo
  • @Arbelac That depends on what properties of Access you want to see. Maybe you want something like `(Get-ACL "AD:$($_.DistinguishedName)").Access | Select IdentityReference, AccessControlType` in the expression? – Theo Mar 16 '23 at 14:00
  • I have a question. Is it possible to help? https://stackoverflow.com/questions/75862566/constructing-the-output-object-as-single-line-plain-text – Arbelac Mar 28 '23 at 05:29
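
An added example (not part of the original question or answer): the same `Get-ADUser` / `Get-Acl` pipeline, emitting one row per access rule and keeping only Allow entries that grant broad write or control rights to trustees outside an expected list, which is the usual reason for reviewing these ACLs. The rights list and the `$expectedTrustees` pattern are assumptions to adapt to your domain.

```powershell
# Added example: flag broad Allow ACEs on user objects. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumption: rights treated as high-impact for this review; adjust to your policy.
$riskyRights = 'GenericAll', 'GenericWrite', 'WriteDacl', 'WriteOwner' |
    ForEach-Object { [System.DirectoryServices.ActiveDirectoryRights]$_ }

# Assumption: trustees expected to hold such rights (English group names; extend for your domain).
$expectedTrustees = '^(NT AUTHORITY\\SYSTEM|BUILTIN\\(Administrators|Account Operators)|.+\\(Domain|Enterprise) Admins)$'

Get-ADUser -Filter * -Properties DisplayName, EmployeeID | ForEach-Object {
    $user = $_
    foreach ($ace in (Get-Acl "AD:$($user.DistinguishedName)").Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.IdentityReference.Value -match $expectedTrustees) { continue }

        # A composite right such as GenericWrite shares bits with read rights,
        # so require every bit of the right to be present, not just any overlap.
        $granted = [int]$ace.ActiveDirectoryRights
        $hits = @($riskyRights | Where-Object { ($granted -band [int]$_) -eq [int]$_ })
        if ($hits.Count -eq 0) { continue }

        [PSCustomObject]@{
            DisplayName    = $user.DisplayName
            SamAccountName = $user.SamAccountName
            EmployeeID     = $user.EmployeeID
            Trustee        = $ace.IdentityReference.Value
            Rights         = $hits -join ', '
            ObjectType     = $ace.ObjectType
            IsInherited    = $ace.IsInherited
        }
    }
}
```

Because each row is a flat object, the output can be piped straight to `Export-Csv -NoTypeInformation` for review.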