I'm pretty new to Powershell, but I have lots of experience in VBScript and Python. I'm trying to be a good Windows admin and get into Powershell more. So, here is what I'm trying to do: A parent folder contains dozens of sub-folders that are named as AD usernames (ex. Users\username1, Users\username2, where Users is the parent folder). I want to loop through each folder name, parse out the sub-folder name, and pass that to icacls to apply permissions based on the username. I did a multi-liner because I was running into issues piping. This is what I have after trying several different approaches:

$root_folder = "c:\temp\test"
$cmd1 = "icacls "
$cmd2 = " /grant cm\"
$cmd3 = ":`(OI`)`(CI`)F"
$paths_collection = get-childitem $root_folder | foreach-object -process {$_.FullName}
foreach ($path in $paths_collection)
{$string = $path.split("\");$last = $string[-1];$command = $cmd1 + $path +$cmd2 +$last +$cmd3;invoke-expression $command}

It wasn't originally this rough, but I started breaking it apart when I was running into issues.

THE PROBLEM - in $cmd3, the (OI)(CI) is not coming in cleanly to the invoke-expression. If I change $cmd3 to just ":F" it works, but I have to set inheritance using the offending parameters. PLEASE HELP. I've been racking my brain all day on this one. Couldn't really find anything that dealt with this issue specifically (tried backticks, referencing the $command as '$command', etc.)

ERROR: The term 'OI' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:56 + icacls C:\temp\test\garthwaitm /grant domain\user1:(OI <<<< )(IO)F + CategoryInfo : ObjectNotFound: (OI:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException