Change Active Directory advanced security with PowerShell

It has been a while since my last post. So this is my first for 2016.

I will show you how you can change the advanced security settings in Active Directory with PowerShell. Of course you can do everything in the default GUI. But if you have to do it more than once, this is one way to do it! So let's start.

There is one requirement: you need to install the Active Role Management from Dell.
The download also includes a detailed PDF about all the commands. You can find them here: http://software.dell.com/products/active-roles/powershell.aspx

So what we want to change is this:

And in PowerShell it looks like this:

Here is our first obstacle: lots of the sources are inherited. And yes, we want to change one of the inherited rights…

So to disable inheritance but keep the rights, you need to do the following:
SetAccessRuleProtection: https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.objectsecurity.setaccessruleprotection(v=vs.110).aspx?cs-save-lang=1&cs-lang=vb#code-snippet-1

Use Get-QADPermission again to see the result: you will see that the Source has changed from Inherited to Not Inherited.

Once inheritance is disabled, we can delete everything we want. We use Get-QADPermission and Remove-QADPermission.

So now you have the settings you want. If you made a mistake and want to restore the inherited permissions, you can run the next command:
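An added example, not the author's code, covering both the disable step and this restore step with the SetAccessRuleProtection method linked above. It uses .NET System.DirectoryServices rather than the Dell cmdlets and saves the DACL as SDDL before every change. The function name `Set-AdInheritanceProtection`, the DN and the backup path are assumptions made for illustration.

```powershell
# Added example (not from the original post). Function name is hypothetical.
function Set-AdInheritanceProtection {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$DistinguishedName,
        [Parameter(Mandatory = $true)][bool]$Protected,    # $true = disable inheritance
        [Parameter(Mandatory = $true)][string]$BackupPath  # receives the DACL as SDDL
    )
    $dacl  = [System.DirectoryServices.SecurityMasks]::Dacl
    $entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DistinguishedName")
    # Read and write only the DACL, so owner and SACL are left untouched.
    $entry.psbase.Options.SecurityMasks = $dacl
    $acl = $entry.psbase.ObjectSecurity

    # Save the current DACL first, so a mistake can be compared or rolled back.
    $sections = [System.Security.AccessControl.AccessControlSections]::Access
    $acl.GetSecurityDescriptorSddlForm($sections) | Set-Content -Path $BackupPath

    if ($PSCmdlet.ShouldProcess($DistinguishedName, "Set inheritance protection to $Protected")) {
        # Second argument $true copies the inherited ACEs as explicit ones
        # ("keep the rights"). It is ignored when the first argument is $false.
        $acl.SetAccessRuleProtection($Protected, $true)
        $entry.psbase.CommitChanges()
    }

    # Re-read from the directory and report what is actually stored.
    $check = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DistinguishedName")
    $check.psbase.Options.SecurityMasks = $dacl
    $stored = $check.psbase.ObjectSecurity
    $rules  = $stored.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    New-Object PSObject -Property @{
        DistinguishedName = $DistinguishedName
        Protected         = $stored.AreAccessRulesProtected
        ExplicitRules     = @($rules | Where-Object { -not $_.IsInherited }).Count
        InheritedRules    = @($rules | Where-Object { $_.IsInherited }).Count
    }
}

# Usage with constructed values (OU=Test,DC=example,DC=com is a placeholder):
# Set-AdInheritanceProtection -DistinguishedName 'OU=Test,DC=example,DC=com' `
#     -Protected $true -BackupPath .\test-ou-dacl.sddl     # disable, keep the rights
# Set-AdInheritanceProtection -DistinguishedName 'OU=Test,DC=example,DC=com' `
#     -Protected $false -BackupPath .\test-ou-dacl-2.sddl  # restore inheritance
```

Re-enabling inheritance brings the inherited ACEs back but does not remove explicit copies created when it was disabled, so compare the result against the saved SDDL afterwards.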

It is also possible to add permissions instead of deleting them. Here is an example of how you can do that.

I hope this post will help you to manage your Active Directory even better.
See you next time.

About the Author

Sander
