activedirectory:addelegate
Dies ist eine alte Version des Dokuments!
Delegationen setzen
Berechtigungen abrufen:
$a = Get-Acl AD:\'CN=Tester1,OU=Ou1,OU=OU2,OU=OU3,DC=Contoso,DC=com').Access $a.Access[0].ActiveDirectoryRights.value__
Berechtigung schreiben
$path = "AD:\CN=Tester1,OU=Ou1,OU=OU2,OU=OU3,DC=Contoso,DC=com" $acl = Get-Acl -Path $path $ace = New-Object Security.AccessControl.ActiveDirectoryAccessRule('DOMAIN\Computername','FullControl') $acl.AddAccessRule($ace) Set-Acl -Path $path -AclObject $acl
Weitere Informationen zu der ActiveDirectoryAccessRule: Link
Quellen: Link
Edit: Selbst ermittelt geht folgendes:
$account = New-Object System.Security.Principal.NTAccount("evv", "rkaufmann") $act = new-object System.Security.AccessControl.AccessControlType $act.value__ = 0 $adr = new-object System.DirectoryServices.ActiveDirectoryRights $adr.value__ = 48 $inherit = new-object System.DirectoryServices.ActiveDirectorySecurityInheritance $inherit.value__ = 0 $ot = new-object System.Guid("bf9679c0-0de6-11d0-a285-00aa003049e2") New-Object System.DirectoryServices.ActiveDirectoryAccessRule($account,$adr,$act,$ot,$inherit)
activedirectory/addelegate.1460642952.txt.gz · Zuletzt geändert: 2016/04/14 16:09 von ronny