发表新帖
发表新帖

Set-ACL on AD Computer Object

后端 未结
关注
2 606
隐瞒了意图╮
隐瞒了意图╮ 2021-01-03 04:50

I am attempting to Set-Acl on a Computer Object in AD. Firstly I get the ACL using:

$acl = (Get-Acl AD:\\\'CN=Tester1,OU=Ou1,OU=OU2,OU=OU3,DC=Co
相关标签:
2条回答
  • 南笙
    2021-01-03 05:30

    ACE for AD objects you must create with System.DirectoryServices.ActiveDirectoryAccessRule object instead of System.Security.AccessControl.FileSystemAccessRule.

    Good description and example is here: Add Object Specific ACEs using Active Directory Powershell

    0 讨论(0)
  • 有刺的猬
    2021-01-03 05:37

    ActiveDirectory isn't a filesystem. You must create a new ACE for an AD object as an ActiveDirectoryAccessRule.

    $path = "AD:\CN=Tester1,OU=Ou1,OU=OU2,OU=OU3,DC=Contoso,DC=com"
$acl = Get-Acl -Path $path
$ace = New-Object Security.AccessControl.ActiveDirectoryAccessRule('DOMAIN\Computername','FullControl')
$acl.AddAccessRule($ace)
Set-Acl -Path $path -AclObject $acl
    0 讨论(0)
 看不清?
提交回复
热议问题