Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- powershell:accessruleentfernen [2016/08/16 16:31] – angelegt ronny
+++ powershell:accessruleentfernen [2016/08/18 12:06] – ronny
@@ Zeile 1: / Zeile 1: @@
 ====== ACL AccessRule entfernen ======
+===== 1. Entwurf - Die gewünschte Funktionalität =====
 <code Powershell>
@@ Zeile 38: / Zeile 41: @@
 }
 </code>
+===== 2. Entwurf: Funktionalität ausgebaut + Verbose =====
+<code Powershell>
+function Remove-ACLAccessRule
+{
+	[CmdletBinding()]
+	param
+	(
+		[Parameter(Mandatory=$true)][String]$ADGroup,
+		[Parameter(Mandatory=$true)][String]$AccessControlType,
+		[Parameter(Mandatory=$true)][String]$IdentityReference,
+		[Parameter(Mandatory=$true)][Int]$ActiveDirectoryRights,
+		[Parameter(Mandatory=$true)][String]$ObjectGuid,
+		[Parameter()][string]$DC = $null,
+		[Parameter()][string]$AdminAccount = $null,
+		[Parameter()][string]$Password = $null
+	)
+	begin
+	{
+		Write-Verbose "*************begin*************"
+		Import-Module ActiveDirectory -Verbose:$false
+		If ($DC -ne $null -and `
+			$AdminAccount -ne $null -and `
+			$Password -ne $null)
+		{
+			$PW = ConvertTo-Securestring $Password -AsPlainText -force
+			$Credential = New-Object System.Management.Automation.PSCredential($AdminAccount,$PW)
+			$Session = New-PSSession -ComputerName $DC -Credential $Credential
+			Write-Verbose "Remote-Anmeldung auf $DC"
+			$isRemote = $true
+		} else
+		{
+			$isRemote = $false
+			Write-Verbose "Lokale Ausführung"
+		}
+	}
+	process
+	{
+		Write-Verbose "*************process*************"
+		if ($isRemote)
+		{
+			$ADObject = Invoke-Command -Session $Session -Command {param ($a1) Get-ADGroup -Identity $a1} -ArgumentList $ADObject
+		} else
+		{
+			$ADObject = Get-ADGroup -Identity $ADGroup
+		}
+		$ADObjectName = $ADObject.SamAccountName
+		Write-Verbose "Zu prüfende Gruppe: $ADObjectName"
+		$LDAPPath = "AD:\" + $ADObject.DistinguishedName.toString();
+		if ($isRemote)
+		{
+			$ACL = Invoke-Command -Session $Session -Commane {param ($a1) Get-Acl -Path $a1} -ArgumentList $LDAPPath
+		} else
+		{
+			$ACL = Get-Acl -Path $LDAPPath
+		}
+		Write-Verbose "ACL abgerufen"
+		$RuleToRemove = $null;
+		$RuleFound = $false;
+		foreach($Rule in $ACL.Access)
+		{
+			if ($Rule.AccessControlType.ToString() -eq $AccessControlType -and `
+				$Rule.IdentityReference.ToString() -eq $IdentityReference -and `
+				$Rule.ActiveDirectoryRights.value__ -eq $ActiveDirectoryRights -and `
+				$Rule.ObjectType.ToString() -eq $ObjectGuid) `
+			{
+				$RuleToRemove = $Rule
+				$RuleFound = $true;
+				Write-Verbose "Regel gefunden!"
+			}
+		}
+		if ($RuleFound)
+		{
+			$erg = $ACL.RemoveAccessRule($RuleToRemove)
+			if ($isRemote)
+			{
+				Invoke-Command -Session $Session -Command {param ($a1, $a2) Set-Acl -Path $a1 -AclObject $a2} -ArgumentList $LDAPPath,$ACL
+			} else
+			{
+				Set-Acl -Path $LDAPPath -AclObject $ACL
+			}
+			Write-Verbose "Regel entfernt: $erg"
+		} else
+		{
+			Write-Verbose "Regel nicht gefunden!"
+		}
+	}
+	end {}
+}
+</code>
 {{tag>[Powershell ACL AccessRule Remove]}}