Active Directory Permission Inheritance (The Glories of Consistency!)
Someone asked a question on Experts-Exchange about how to enable permission inheritance on an Active Directory object.
Here is what I came up with.
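# Enable AD Permission Inheritance on an Object
Param($DN)
# Bind to the object by its distinguished name
$user = [ADSI]"LDAP://$DN"
# First argument (isProtected) = $false turns inheritance back on;
# the second argument (preserveInheritance) is ignored when isProtected is $false
$user.psbase.ObjectSecurity.SetAccessRuleProtection($false,$true)
# Write the modified security descriptor back to the directory
$user.psbase.CommitChanges()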
During the same thread someone also asked how to do it in the File System.
Check it out… It is very similar.
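# Enable File Permission Inheritance on an Object
Param($path)
# Read the current ACL of the file or folder
$acl = Get-Acl $path
# Same .NET call as for AD: isProtected = $false re-enables inheritance
$acl.SetAccessRuleProtection($false,$true)
# Write the modified ACL back to the file system
Set-Acl -AclObject $acl -Path $path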
This is just another case where relying on the .NET Framework provides power and consistency.
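An added example, not from the original post: one function that wraps both snippets above, writes only when inheritance is actually disabled, and reports the state before and after so the change can be audited. The function name `Enable-AclInheritance`, its parameters and the sample targets in the comments are hypothetical.

```powershell
# Added example; Enable-AclInheritance and its parameters are hypothetical names.
function Enable-AclInheritance {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Target,  # file system path, or a DN with -ActiveDirectory
        [switch]$ActiveDirectory
    )

    # Read the security descriptor through whichever store owns the object.
    if ($ActiveDirectory) {
        $entry = [ADSI]"LDAP://$Target"
        $sd    = $entry.psbase.ObjectSecurity
    } else {
        $sd = Get-Acl -Path $Target
    }

    # AreAccessRulesProtected is $true when inheritance is disabled on the object.
    $wasProtected = $sd.AreAccessRulesProtected

    # Only write when there is something to change; -WhatIf / -Confirm are honoured.
    if ($wasProtected -and $PSCmdlet.ShouldProcess($Target, 'Enable permission inheritance')) {
        $sd.SetAccessRuleProtection($false, $true)
        if ($ActiveDirectory) { $entry.psbase.CommitChanges() }
        else                  { Set-Acl -Path $Target -AclObject $sd }
    }

    # Re-read from the store instead of trusting the in-memory copy.
    if ($ActiveDirectory) { $sd = ([ADSI]"LDAP://$Target").psbase.ObjectSecurity }
    else                  { $sd = Get-Acl -Path $Target }

    # Explicit entries stay on the object after inheritance is re-enabled,
    # so report both counts to show what still needs review.
    $sid = [System.Security.Principal.SecurityIdentifier]
    New-Object PSObject -Property @{
        Target         = $Target
        WasProtected   = $wasProtected
        IsProtected    = $sd.AreAccessRulesProtected
        ExplicitRules  = $sd.GetAccessRules($true,  $false, $sid).Count
        InheritedRules = $sd.GetAccessRules($false, $true,  $sid).Count
    }
}

# Constructed sample targets (placeholders):
# Enable-AclInheritance -Target 'C:\Data\Share' -WhatIf
# Enable-AclInheritance -Target 'CN=Some User,OU=Staff,DC=example,DC=com' -ActiveDirectory
```

With `-WhatIf` nothing is written, so `IsProtected` in the output still shows the current state of the object.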
tshell :: Mar.10.2008 :: Active Directory, Powershell :: 3 Comments »


Hi BSonPosh,
You pointed me to this page on experts-exchange as per my question on scripting ACEs reordering in DACLs. If you use your first script here above to remove inheritance and then try to modify permissions with Add- or Remove-ADPermission, you’ll surely encounter my problem. If ever you find a scriptable solution, I’m definitely interested. Regards, RsjR
Hi BSonPosh,
I’ve been finding answers to many of my questions in your responses on experts-exchange.com and I believe that I will have much to learn from you for a very long time :c)
I’ve tried your script here to remove inheritance on all address lists in Exchange 2007 (setting up a hosting solution), but when I then take a look at the security tab of that CN in ADSI Edit, I get an error that the permissions are incorrectly ordered. Are you familiar with that problem?
Best regards,
Flemming
Hi Flemming,
Ditto on the hosting setup. Did you ever get this sorted? Have the same issue with the order message.
Regards,
Sjoerd