Set-ACL on AD Computer Object

后端 未结 2 609
隐瞒了意图╮
隐瞒了意图╮ 2021-01-03 04:50

I am attempting to Set-Acl on a Computer Object in AD. Firstly I get the ACL using:

$acl = (Get-Acl AD:\\\'CN=Tester1,OU=Ou1,OU=OU2,OU=OU3,DC=Co         


        
2条回答
  •  有刺的猬
    2021-01-03 05:37

    ActiveDirectory isn't a filesystem. You must create a new ACE for an AD object as an ActiveDirectoryAccessRule.

    $path = "AD:\CN=Tester1,OU=Ou1,OU=OU2,OU=OU3,DC=Contoso,DC=com"
    $acl = Get-Acl -Path $path
    $ace = New-Object Security.AccessControl.ActiveDirectoryAccessRule('DOMAIN\Computername','FullControl')
    $acl.AddAccessRule($ace)
    Set-Acl -Path $path -AclObject $acl
    

提交回复
热议问题