Set-ACL on AD Computer Object

2020-02-29 06:05发布

I am attempting to Set-Acl on a Computer Object in AD. Firstly I get the ACL using:

$acl = (Get-Acl AD:\'CN=Tester1,OU=Ou1,OU=OU2,OU=OU3,DC=Contoso,DC=com').Access

Which gives me all the ACL for that computer object. I then use:

$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("Computername","FullControl")))

Any pointers in the right direction would be helpful. My aim is to add a computer object to the computer object 'Tester1' and give it Full Access permissions.

标签： powershell active-directory acl

2条回答

地球回转人心会变

2楼-- · 2020-02-29 06:28

ACE for AD objects you must create with System.DirectoryServices.ActiveDirectoryAccessRule object instead of System.Security.AccessControl.FileSystemAccessRule.

Good description and example is here: Add Object Specific ACEs using Active Directory Powershell

0人赞添加讨论(0) 举报

放我归山

3楼-- · 2020-02-29 06:43

ActiveDirectory isn't a filesystem. You must create a new ACE for an AD object as an ActiveDirectoryAccessRule.

$path = "AD:\CN=Tester1,OU=Ou1,OU=OU2,OU=OU3,DC=Contoso,DC=com"
$acl = Get-Acl -Path $path
$ace = New-Object Security.AccessControl.ActiveDirectoryAccessRule('DOMAIN\Computername','FullControl')
$acl.AddAccessRule($ace)
Set-Acl -Path $path -AclObject $acl

0人赞添加讨论(0) 举报

Set-ACL on AD Computer Object

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间