It’s been a while, gentle reader, since my last post. It isn’t that I haven’t been writing code, but rather that much of what I write is for internal use only. Recently I was asked to write a PowerShell script to show the advanced security for any AD object, without relying on the ActiveDirectory module….
Tag: ACLS
Reset User Account ACLs
The security for user account objects in an OU may drift over time. User accounts moved within the domain retain delegations made previously, and user accounts created after schema extensions won’t have the same security as accounts created earlier. Reset-UserAccountACLs.ps1 resets the security (ACLs) for user accounts within an OU to…
Export and Import Delegated OU Permissions with PowerShell
There are some delegations of permissions within Active Directory which cannot be made without extra effort. Some properties are flagged as hidden in a file called Dssec.dat, in %windir%\System32 on computers with the Active Directory Users and Computers (ADUC) MMC. Dssec.dat is a hidden text file that can be viewed and modified with Notepad. When…
Too many permissions in AD
From MSKB 2001769: When you propagate the permissions on an object such as an organizational unit (OU), group, user, or computer in Active Directory, you may receive the following error: “Unable to save permission changes on ObjectName. A constraint violation occurred.” Cause: This will happen when the Access Control List (ACL) size on the object…