book-userAD yetkilendirme scripti

These scripts must be executed in an environment where Active Directory (AD) is installed.

Import-Module ActiveDirectory
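# Stop on the first error. Without this, a failed read of the OU or an
# unresolvable account only prints an error and the script carries on to the
# ACL-modifying statements further down.
$ErrorActionPreference = 'Stop'

# Distinguished name of the target OU. The value below is an unfilled
# placeholder; per the original note it must be the OU that holds the
# Exchange users the rights are to be granted on.
$ou = "OU=,DC=,DC="

# Account that receives the rights ("user" is a placeholder). Per the original
# note it must be the same user that is configured in the d2m LDAP settings.
# The rules added below give this account write access to objects under $ou,
# so use a dedicated account and protect its credentials accordingly.
$user = "user"

# Current security descriptor of the OU; the new rules are added to this
# object in memory and written back at the end of the script.
$acl = Get-ACL "AD:$ou"
$identity = [System.Security.Principal.NTAccount]$user

# The NTAccount cast only wraps the string and does not check that the account
# exists. Translating to a SID forces name resolution, so a typo in $user
# fails here, before any rule is built.
$null = $identity.Translate([System.Security.Principal.SecurityIdentifier])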

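function Get-PermissionAcl($identity,$activeDirectoryRights,$controlType,$objectType,$inheritanceType,$inheritedObjectType){
    <#
    .SYNOPSIS
    Builds a single ActiveDirectoryAccessRule (one ACE) from plain arguments.
    The rule is only constructed and returned; nothing is written to the
    directory by this function.

    .PARAMETER identity
    Account name (or NTAccount) the rule applies to.

    .PARAMETER activeDirectoryRights
    One or more ActiveDirectoryRights names, comma-separated
    (e.g. "ReadProperty, WriteProperty").

    .PARAMETER controlType
    AccessControlType name: "Allow" or "Deny".

    .PARAMETER objectType
    GUID that the right is scoped to. The all-zero GUID leaves the rule
    unrestricted in that respect.

    .PARAMETER inheritanceType
    ActiveDirectorySecurityInheritance name. Note the enum spelling
    "Descendents".

    .PARAMETER inheritedObjectType
    GUID of the object class that inherits the rule.

    .OUTPUTS
    System.DirectoryServices.ActiveDirectoryAccessRule
    #>

    $account = [System.Security.Principal.NTAccount]$identity
    $rights  = [System.DirectoryServices.ActiveDirectoryRights]$activeDirectoryRights

    # Cast the names instead of looking them up with [Enum]::$name. In
    # non-strict mode a misspelled name in a static-member lookup evaluates to
    # $null instead of raising an error at the typo. A cast throws immediately,
    # so a wrong control or inheritance value cannot reach the ACE constructor
    # unnoticed.
    $accessType  = [System.Security.AccessControl.AccessControlType]$controlType
    $inheritance = [System.DirectoryServices.ActiveDirectorySecurityInheritance]$inheritanceType

    $ace = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        $account,
        $rights,
        $accessType,
        $objectType,
        $inheritance,
        $inheritedObjectType)

    return $ace
}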

# Rules to add to the OU's ACL. Every rule is an Allow ACE for $user that is
# inherited by descendant objects of the class named in inheritedObjectType.
#
# Review notes before running:
#  - The all-zero objectType does not limit the right to one attribute, so the
#    WriteProperty entries below cover every property of the matching objects.
#  - bf967aba-0de6-11d0-a285-00aa003049e2 is the schemaIDGUID of the "user"
#    class. The other GUIDs are not identified on this page; look them up in
#    the forest schema and confirm they are what you intend to delegate.
#  - To allow a rollback, record the OU's current security descriptor first,
#    e.g. $acl.GetSecurityDescriptorSddlForm('All').
$anyObjectType = "00000000-0000-0000-0000-000000000000"

$rules = @(
    @{ activeDirectoryRights = "ReadProperty, WriteProperty, GenericExecute"; objectType = $anyObjectType; inheritedObjectType = "e8b2aff2-59a7-4eac-9a70-819adef701dd" },
    @{ activeDirectoryRights = "ReadProperty, WriteProperty, GenericExecute"; objectType = $anyObjectType; inheritedObjectType = "c975c901-6cea-4b6f-8319-d67f45449506" },
    @{ activeDirectoryRights = "ReadProperty, GenericExecute"; objectType = $anyObjectType; inheritedObjectType = "086f4013-017e-4183-acf0-2d3f5d6f3aac" },
    @{ activeDirectoryRights = "ListChildren,ReadProperty"; objectType = $anyObjectType; inheritedObjectType = "bf967aba-0de6-11d0-a285-00aa003049e2" },
    # The last two rules grant WriteProperty scoped to a single objectType GUID
    # on user objects.
    @{ activeDirectoryRights = "WriteProperty"; objectType = "1b9b1278-2f78-46a4-8a79-1793a16ff9ca"; inheritedObjectType = "bf967aba-0de6-11d0-a285-00aa003049e2" },
    @{ activeDirectoryRights = "WriteProperty"; objectType = "80549313-8d6c-423c-a077-6693fbeb1a2c"; inheritedObjectType = "bf967aba-0de6-11d0-a285-00aa003049e2" }
)

# Build each ACE and add it to the in-memory ACL, in the order listed above.
foreach ($rule in $rules) {
    $permission = Get-PermissionAcl -identity $user -controlType "Allow" -inheritanceType "Descendents" @rule
    $acl.AddAccessRule($permission)
}

# Apply the new ACL to the OU. Nothing is changed in the directory until here.
Set-ACL -Path "AD:$ou" -AclObject $acl
