powershell:accessruleentfernen
Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
powershell:accessruleentfernen [2016/08/16 16:31] – angelegt ronny | powershell:accessruleentfernen [2016/08/18 14:23] (aktuell) – [2. Entwurf: Funktionalität ausgebaut + Verbose] ronny | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
====== ACL AccessRule entfernen ====== | ====== ACL AccessRule entfernen ====== | ||
+ | |||
+ | ===== 1. Entwurf - Die gewünschte Funktionalität ===== | ||
+ | |||
<code Powershell> | <code Powershell> | ||
Zeile 38: | Zeile 41: | ||
} | } | ||
</ | </ | ||
+ | |||
+ | ===== 2. Entwurf: Funktionalität ausgebaut + Verbose ===== | ||
+ | |||
+ | <code Powershell> | ||
+ | function Remove-ACLAccessRule | ||
+ | { | ||
+ | [CmdletBinding()] | ||
+ | param | ||
+ | ( | ||
+ | [Parameter(Mandatory=$true)][String]$ADGroup, | ||
+ | [Parameter(Mandatory=$true)][String]$AccessControlType, | ||
+ | [Parameter(Mandatory=$true)][String]$IdentityReference, | ||
+ | [Parameter(Mandatory=$true)][Int]$ActiveDirectoryRights, | ||
+ | [Parameter(Mandatory=$true)][String]$ObjectGuid, | ||
+ | [Parameter()][string]$DC, | ||
+ | [Parameter()][string]$AdminAccount, | ||
+ | [Parameter()][string]$Password | ||
+ | ) | ||
+ | begin | ||
+ | { | ||
+ | Write-Verbose " | ||
+ | if ($AdminAccount -ne "" | ||
+ | { | ||
+ | $isCredential = $true | ||
+ | $PW = ConvertTo-Securestring $Password -AsPlainText -force | ||
+ | $Credential = New-Object System.Management.Automation.PSCredential($AdminAccount, | ||
+ | } else | ||
+ | { | ||
+ | $isCredential = $false | ||
+ | } | ||
+ | If ($DC -eq "" | ||
+ | { | ||
+ | $isRemote = $false | ||
+ | Import-Module ActiveDirectory -Verbose: | ||
+ | Write-Verbose " | ||
+ | |||
+ | } else | ||
+ | { | ||
+ | if ($isCredential) | ||
+ | { | ||
+ | $Session = New-PSSession -ComputerName $DC -Credential $Credential | ||
+ | } else | ||
+ | { | ||
+ | $Session = New-PSSession -ComputerName $DC | ||
+ | } | ||
+ | Invoke-Command -Session $Session -Command {Import-Module ActiveDirectory} | ||
+ | Write-Verbose " | ||
+ | $isRemote = $true | ||
+ | } | ||
+ | } | ||
+ | process | ||
+ | { | ||
+ | Write-Verbose " | ||
+ | $ScriptBlock = | ||
+ | { | ||
+ | param | ||
+ | ( | ||
+ | $ADGroup, | ||
+ | $AccessControlType, | ||
+ | $IdentityReference, | ||
+ | $ActiveDirectoryRights, | ||
+ | $ObjectGuid, | ||
+ | [System.Management.Automation.ActionPreference]$VerbosePreference | ||
+ | ) | ||
+ | $ADObject = Get-ADGroup -Identity $ADGroup | ||
+ | $ADObjectName = $ADObject.SamAccountName | ||
+ | Write-Verbose "Zu prüfende Gruppe: $ADObjectName" | ||
+ | $LDAPPath = " | ||
+ | $ACL = Get-Acl -Path $LDAPPath | ||
+ | Write-Verbose "ACL abgerufen" | ||
+ | $RuleToRemove = $null; | ||
+ | $RuleFound = $false; | ||
+ | foreach($Rule in $ACL.Access) | ||
+ | { | ||
+ | if ($Rule.AccessControlType.ToString() -eq $AccessControlType -and ` | ||
+ | $Rule.IdentityReference.ToString() -eq $IdentityReference -and ` | ||
+ | $Rule.ActiveDirectoryRights.value__ -eq $ActiveDirectoryRights -and ` | ||
+ | $Rule.ObjectType.ToString() -eq $ObjectGuid) ` | ||
+ | { | ||
+ | $RuleToRemove = $Rule | ||
+ | $RuleFound = $true; | ||
+ | Write-Verbose "Regel gefunden!" | ||
+ | } | ||
+ | } | ||
+ | if ($RuleFound) | ||
+ | { | ||
+ | $erg = $ACL.RemoveAccessRule($RuleToRemove) | ||
+ | Set-Acl -Path $LDAPPath -AclObject $ACL | ||
+ | Write-Verbose "Regel entfernt: $erg" | ||
+ | } else | ||
+ | { | ||
+ | Write-Verbose "Regel nicht gefunden!" | ||
+ | } | ||
+ | } | ||
+ | if ($isRemote) | ||
+ | { | ||
+ | Invoke-Command -Session $Session -ScriptBlock $ScriptBlock -ArgumentList $ADGroup, $AccessControlType, | ||
+ | } else | ||
+ | { | ||
+ | Invoke-Command -ScriptBlock $ScriptBlock -ArgumentList $ADGroup, $AccessControlType, | ||
+ | } | ||
+ | } | ||
+ | end | ||
+ | { | ||
+ | if ($isRemote) {Remove-PSSession -Session $Session} | ||
+ | } | ||
+ | } | ||
+ | </ | ||
+ | |||
{{tag> | {{tag> |
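Review bot: The added `Remove-ACLAccessRule` takes the admin password as `[Parameter()][string]$Password` and converts it with `ConvertTo-Securestring $Password -AsPlainText -force`, so the cleartext password is typed on the command line and can end up in console history, transcripts and script-block logs. Accept a credential object instead, e.g. `[Parameter()][System.Management.Automation.PSCredential]$Credential`, and pass it unchanged to `New-PSSession -ComputerName $DC -Credential $Credential`; callers can fill it with `Get-Credential`. Separately, the `foreach` over `$ACL.Access` keeps only the last matching rule in `$RuleToRemove`, and `Set-Acl` writes the changed ACL without any confirmation step. Declaring `[CmdletBinding(SupportsShouldProcess=$true)]` and honouring `-WhatIf` before the write would be a sensible safeguard for a change to directory permissions. Several lines of the listing are cut off on this page (for instance the `PSCredential(...)` constructor call), so the rest of those statements could not be checked.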
powershell/accessruleentfernen.txt · Zuletzt geändert: 2016/08/18 14:23 von ronny