Reset User Account ACLs

Posted on October 22, 2017 by Alan

The security for user account objects in an OU may drift over time. User accounts moved within the domain will retain delegations previously made, and user accounts created after schema extensions won’t have the same security as user accounts created earlier in time. Reset-UserAccountACLs.ps1 resets the security (ACLs) for user accounts within an OU to the defaults for a new user in that OU. It works by creating a temporary user object, copying the permissions, and applying those permissions to existing users withing the OU.

You choose the domain and OU from a GUI. I use a RemoteAD drive to get and set ACLs in remote domains. Test mode will create a report with no changes made.

Script Text

You must be logged in to post a comment.

All the scripts are saved as .txt files. Newer files have a “View Script” button which will let you save or open a script in notepad. For earlier posts, the easiest way to download with IE is to right click on the link and use “Save Target As”. Rename file from Name_ext.txt to Name.ext.

To see a full post after searching, please click on the title.

PowerShell Scripts were written with version 3 or later.

https connections are supported.

All new users accounts must be approved, as are comments. Please be patient. If you find a post error or a script which doesn’t work as expected, I appreciate being notified. My email is my first name at the domain name, and you are welcome to contact me that way.

Leave a Reply