User access to folders

Not great at scripting, looking for a little insight. I need to get a list of users and the folders they have access to. Sysinternals accesschk and accessenum are a bit more than I need, as are other scripts I’ve researched. I just need to get the user and the top level folders they have access to.
Ex: User 1 * F:folder1 * F:folder2

I found a snippet of code I can use here: https://social.technet.microsoft.com/Forums/en-US/80779404-b279-4bde-bc84-b1c2212a5126/all-permissions-a-user-have-on-all-folders?forum=winserverDS. Tried to pull users from “testgrp” and wrap it in a foreach. Had to add the Domain to try and match with the IdentityReference at the end. If I comment out “Where-Object { $_.IdentityReference -like $user } ” it will return all the folders and accounts, but with it included, I don’t get any results.

Import-module activedirectory $users = get-adgroupmember -identity testgrp | select @{Name="SamAccountName";Expression={"Domain$($_.Samaccountname)"}} | ft -hide Foreach ($user in $users){ # Include only folders from the root path Get-ChildItem "F:" -ea 0 | Where-Object { $_.PsIsContainer } | ForEach-Object { $Path = $_.FullName # Exclude inherited rights from the report try {Get-Acl $Path -ea 0 | Select-Object -expandProperty Access | Where-Object { !$_.IsInherited } | Where-Object { $_.IdentityReference -like $user } | Select-Object ` @{n='Path';e={ $Path }}, IdentityReference } catch {} } } 

Any nudge in the right direction would be appreciated. Thanks.

submitted by /u/alljunkandcrap
[link] [comments]

Leave a Reply