Active Directory Permission Inheritance (The Glories of Consistency!)
Someone asked a question (on experts-exchange) about how to Enable Permission Inheritance on an Active Directory Object.
Here is what I came up with.
# Enable AD Permission Inheritance on an Object
Param($DN)
$user = [ADSI]"LDAP://$dn"
$user.psbase.ObjectSecurity.SetAccessRuleProtection($false,$true)
$user.psbase.CommitChanges()
Param($DN)
$user = [ADSI]"LDAP://$dn"
$user.psbase.ObjectSecurity.SetAccessRuleProtection($false,$true)
$user.psbase.CommitChanges()
During the same thread someone also asked how to do it in the File System.
Check it out… It is very similar.
# Enable File Permission Inheritance on an Object
Param($path)
$acl = Get-Acl $path
$acl.SetAccessRuleProtection($false,$true)
set-Acl -aclObject $acl -path $path
Param($path)
$acl = Get-Acl $path
$acl.SetAccessRuleProtection($false,$true)
set-Acl -aclObject $acl -path $path
This is just another case where relying on .NET framework provides power and consistency.
tshell :: Mar.10.2008 :: Active Directory, Powershell :: No Comments »
