(This is my first post, so sorry if I'm hard to understand or asked a bad question)
Here is my problem:
I have a few AD groups with a similar naming convention, "*somename", and I used the Get-ADGroup command to get an array filled with those objects.
Similarly, I have folders with NTFS permissions on them which I have in another array. These permissions are a mix of the groups I mentioned earlier, as well as other groups and individual users as needed.
End Goal (What I would like to find):
- Which folders do not have any of those AD Groups assigned.
- And which of those AD Groups aren't attached to any folders.
- Which folders have which AD Group from that list assigned to it.
Here is what I have tried
    $CS_Dirs = Get-ChildItem '\\my.server\share$\Dept' -Recurse -Depth 1 -Filter copierscans
    $CS_ADGroups = Get-ADGroup -Filter {Name -like "* CopierScans"}
    #### For each directory in $CS_Dirs array, get ACL ###
    foreach ($dir in $CS_Dirs) {
        ### Get the ACL for the dir ###
        Get-Acl $dir.PSPath | % {
            #### Variable to tell this loop if next loops find a match ###
            $contains = $false
            #### For every access object in that ACL ###
            foreach ($access in $_.Access) {
                ### Loop through each group to check if any of the dir's ACL's principals are in my list of AD groups.
                foreach ($group in $CS_ADGroups) {
                    # If they are then set contains to true to tell the outer loop to select that path
                    if ($access.IdentityReference.ToString() -match {"DOMAIN\"+$group.name.ToString()}) {
                        $contains = $true
                    }
                }
            }
            # Should be a list of all the paths
            # which are not assigned a group contained in my $CS_ADGroups list.
            if ($contains) {
                $_ | select @{n="path";e={$_.path}}
            }
        }
    }
The Issues:
The matching in the end of the foreach I can't get to match each other
- The matching in the end of the foreach, I can't get it to evaluate true properly when they match. Partly because one of them has the domain attached to the front and the other doesn't (hence the "domain\" portion).
- I can't get it to select the directory path when it's inside a foreach loop.
Best Answer
It is difficult to see the errors you're getting without a similar environment to run it against. I can make the following two suggestions.
1) Get-Childitem does not return any items with a "path" property. Try using the "Fullname" property instead.
2) When you attempt to match a string that contains characters that perform special regex functions (like \$^?.) you need to escape those so they can be matched. Backslash is the primary escape character in regular expressions.
Try the following on the right side of your
-match
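
An added example, not part of the original question or answer: one way to produce all three lists from the question by comparing exact `DOMAIN\group` strings in a case-insensitive set, which sidesteps regex escaping in `-match` altogether. The function name `Compare-AclToGroups`, the `DOMAIN` prefix and the sample folders and groups are constructed placeholders; it also assumes each group's sAMAccountName equals its Name, since ACLs show the sAMAccountName.

```powershell
# Added example (not the poster's code). Names and sample data are constructed.
function Compare-AclToGroups {
    param(
        [Parameter(Mandatory)] [object[]] $FolderAcl,  # objects with Path + Identities
        [Parameter(Mandatory)] [string[]] $GroupName,  # sAMAccountName, no domain prefix
        [string] $Domain = 'DOMAIN'                    # placeholder NetBIOS domain name
    )
    $cmp    = [StringComparer]::OrdinalIgnoreCase
    $wanted = [System.Collections.Generic.HashSet[string]]::new($cmp)
    $used   = [System.Collections.Generic.HashSet[string]]::new($cmp)
    # Exact "DOMAIN\group" keys: no regex, so "\" and "." need no escaping
    foreach ($g in $GroupName) { [void]$wanted.Add(('{0}\{1}' -f $Domain, $g)) }

    $map = foreach ($f in $FolderAcl) {
        $hits = @($f.Identities | Where-Object { $wanted.Contains($_) } | Sort-Object -Unique)
        foreach ($h in $hits) { [void]$used.Add($h) }
        [pscustomobject]@{ Path = $f.Path; Groups = $hits }
    }
    [pscustomobject]@{
        FolderToGroups      = @($map | Where-Object { $_.Groups.Count -gt 0 })
        FoldersWithoutGroup = @($map | Where-Object { $_.Groups.Count -eq 0 } |
                                ForEach-Object Path)
        UnusedGroups        = @($wanted | Where-Object { -not $used.Contains($_) })
    }
}

# Constructed sample data standing in for Get-Acl / Get-ADGroup output.
$root = '\\my.server\share$\Dept'
$acl = @(
    [pscustomobject]@{ Path = "$root\HR\copierscans"
                       Identities = 'DOMAIN\HR CopierScans', 'BUILTIN\Administrators' }
    [pscustomobject]@{ Path = "$root\IT\copierscans"
                       Identities = 'domain\it copierscans', 'DOMAIN\jsmith' }
    [pscustomobject]@{ Path = "$root\Legal\copierscans"
                       Identities = 'BUILTIN\Administrators', 'DOMAIN\jdoe' }
)
$names = 'HR CopierScans', 'IT CopierScans', 'Finance CopierScans'

# Against a live environment the inputs would be collected like this:
#   $acl = $CS_Dirs | ForEach-Object { [pscustomobject]@{ Path = $_.FullName
#            Identities = (Get-Acl -LiteralPath $_.FullName).Access.IdentityReference.Value } }
#   $names = (Get-ADGroup -Filter 'Name -like "* CopierScans"').SamAccountName

$report = Compare-AclToGroups -FolderAcl $acl -GroupName $names
$report.FolderToGroups | Format-Table Path, Groups
'Folders without any group: ' + ($report.FoldersWithoutGroup -join ', ')
'Groups not on any folder:  ' + ($report.UnusedGroups -join ', ')
```

If `-match` is kept instead, the pattern on its right side can be built with `[regex]::Escape()` so that the backslash and any other special characters in the group name are matched literally.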