Berechtigungen abrufen:

$a = Get-Acl AD:\'CN=Tester1,OU=Ou1,OU=OU2,OU=OU3,DC=Contoso,DC=com').Access
$a.Access[0].ActiveDirectoryRights.value__

Berechtigung schreiben

$path = "AD:\CN=Tester1,OU=Ou1,OU=OU2,OU=OU3,DC=Contoso,DC=com"
$acl = Get-Acl -Path $path
$ace = New-Object Security.AccessControl.ActiveDirectoryAccessRule('DOMAIN\Computername','FullControl')
$acl.AddAccessRule($ace)
Set-Acl -Path $path -AclObject $acl

Weitere Informationen zu der ActiveDirectoryAccessRule: Link

Quellen: Link

Edit: Selbst ermittelt geht folgendes:

$account = New-Object System.Security.Principal.NTAccount("evv", "rkaufmann")
$act = new-object System.Security.AccessControl.AccessControlType
$act.value__ = 0
$adr = new-object System.DirectoryServices.ActiveDirectoryRights
$adr.value__ = 48
$inherit = new-object System.DirectoryServices.ActiveDirectorySecurityInheritance
$inherit.value__ = 0
$ot = new-object System.Guid("bf9679c0-0de6-11d0-a285-00aa003049e2")
 
 
New-Object System.DirectoryServices.ActiveDirectoryAccessRule($account,$adr,$act,$ot,$inherit)