Alan's Blog

"Yeah. I wrote a script that will do that."

Menu
  • About My Blog
Menu

Tag: OU permissions

Get Security Set on Active Directory Objects

Posted on December 25, 2021 by Alan

Viewing the security set on an Active Directory object is useful for troubleshooting and for security event investigations. Get-ADObjPermissions_ps1 reads your AD schema data, and provides a list of security set with both the setting and the delegate. This does not require admin permissions or any modules to run. It take’s the object’s distinguished name…

Read more

Export and Import Delegated OU Permissions with PowerShell

Posted on August 13, 2017October 14, 2017 by Alan

There are some delegations of permissions within Active Directory which cannot be made without extra effort. Some properties are flagged as hidden in a file called Dssec.dat, in %windir%\System32 on computers with the Active Directory Users and Computers (ADUC) MMC. Dssec.dat is a hidden text file that can be viewed and modified with Notepad. When…

Read more

Remove Active Directory Delegations

Posted on February 25, 2017February 25, 2024 by Alan

Over time, Active Directory delegations tend to accumulate and drift from the standards in the enterprise.  Removing the delegations for a user or group can be slow, especially if you do it manually.  Microsoft has a good article about this process, but none of the methods I found did what I needed.  I wanted a script which…

Read more

Too many permissions in AD

Posted on May 6, 2011December 25, 2021 by Alan

From MSKB 2001769: When you propagate the permissions on an object such as an organizational unit (OU), group, user, or computer in Active Directory, you may receive the following error: “Unable to save permission changes on ObjectName. A constraint violation occurred.” Cause: This will happen when the Access Control List (ACL) size on the object…

Read more

Search

Please Note

All the scripts are saved as .txt files. Newer files have a “View Script” button which will let you save or open a script in notepad. For earlier posts, the easiest way to download with IE is to right click on the link and use “Save Target As”. Rename file from Name_ext.txt to Name.ext.

To see a full post after searching, please click on the title.

PowerShell Scripts were written with version 3 or later.

https connections are supported.

All new users accounts must be approved, as are comments. Please be patient.  If you find a post error or a script which doesn’t work as expected, I appreciate being notified.  My email is my first name at the domain name, and you are welcome to contact me that way.

Tags

1E ACLS Active Directory ActiveDirectory ADSI Advanced Functions Audit Change Administrator Password COMObject Computer Groups DateTime Desktop DNS Excel FileScriptingObject Forms General GPO GPS Group Policy Hacks ISE Lockout logons NAV740 Nessus OU OU permissions Outlook Pick Folder Power PowerShell Powershell Scriptlets RDP SCCM schedule reboot Scripting Security Shell.Application user information VBA Windows Update WMI WordPress WPF

Categories

akaplan.com

  • Back to Home Page

Archives

Scripting Sites

  • A Big Pile of Small Things
  • Adam, the Automator
  • Art of the DBA
  • Ashley McGlone
  • Boe Prox
  • Carlo Mancini
  • DexterPOSH
  • Doug Finke
  • Jaap Brasser's Blog
  • JeffOps The Scripting Dutchman
  • Jonathan Medd's Blog
  • Keith Hill's Blog
  • LazyWinAdmin
  • Nana Lakshmanan
  • PowerShell Magazine
  • PowerShell Team Blog
  • PowerShell.org
  • PwrShell.net
  • Richard Siddaway's Blog
  • Ryan Yates' Blog
  • Skatterbrainz
  • The Lonely Administrator

SQL Site

  • Art of the DBA

Meta

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
©2025 Alan's Blog | Theme by SuperbThemes

Terms and Conditions - Privacy Policy