Mark Minasi's Tech Forum
meloao

Senior Member
Registered:
Posts: 109
Reply with quote  #1 
I am looking to get the permission for Write Mobile Number in ADUC.  I think I have to use Get-Acl but not sure where to go from there.  

For example, if I have a user "john.smith", how would I find out if the account has permission to update his phone number?


cj_berlin


Senior Member
Registered:
Posts: 407
Reply with quote  #2 
Hi,

quick & dirty:


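Import-Module ActiveDirectory   # loading the module creates the AD: drive
Set-Location AD:
$access = Get-Acl -Path "CN=Some User,OU=ESMOBILE,DC=esmobile,DC=metabpa,DC=org"
# ActiveDirectoryRights is a flags enum: test the WriteProperty bit with -band, because -contains only matches ACEs whose rights are exactly WriteProperty
$access.Access | Where-Object {($_.ObjectType -eq "f0f8ffa3-1191-11d0-a060-00aa006c33ed" -or $_.ObjectType -eq "0296c11e-40da-11d1-a9c0-0000f80367c1") -and ($_.AccessControlType -eq "Allow") -and ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty)} | Select-Object -ExpandProperty IdentityReference -Unique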

__________________
Evgenij Smirnov

My personal blog (German): http://www.it-pro-berlin.de/
My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/
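
Added example (not part of the original posts and not cj_berlin's code): a broader form of the check above that also catches ACEs granting write on all properties or on the attribute's property set, skips inherit-only ACEs, and lists Deny entries next to Allow entries. The function name Get-AttributeWriter and the identity john.smith are illustrative assumptions; it reads the security descriptor through Get-ADUser, so it does not depend on the AD: drive.

```powershell
# Added example; Get-AttributeWriter is a hypothetical helper name.
Import-Module ActiveDirectory

function Get-AttributeWriter {
    param(
        [Parameter(Mandatory)] [string] $Identity,          # e.g. 'john.smith'
        [ValidatePattern('^[A-Za-z][A-Za-z0-9-]*$')]         # keep the LDAP filter literal safe
        [string] $Attribute = 'mobile'                       # lDAPDisplayName of the attribute
    )

    # Resolve the attribute GUID and its property-set GUID from the schema
    # instead of hard-coding them.
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $attr = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$Attribute)" `
                -Properties schemaIDGUID, attributeSecurityGUID
    if (-not $attr) { throw "Attribute '$Attribute' not found in the schema." }

    # ObjectType values that cover this attribute, mapped to a readable scope.
    $scopes = @{}
    $scopes[[guid]::Empty]            = 'all properties'
    $scopes[[guid]$attr.schemaIDGUID] = "attribute $Attribute"
    if ($attr.attributeSecurityGUID) {
        $scopes[[guid]$attr.attributeSecurityGUID] = 'property set'
    }

    $user        = Get-ADUser -Identity $Identity -Properties nTSecurityDescriptor
    $write       = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    $user.nTSecurityDescriptor.Access |
        Where-Object {
            ($_.ActiveDirectoryRights -band $write) -and     # also true for GenericWrite/GenericAll
            $scopes.ContainsKey($_.ObjectType) -and          # attribute, its set, or everything
            -not ($_.PropagationFlags -band $inheritOnly)    # ACE must apply to this object itself
        } |
        Select-Object @{ n = 'Trustee'; e = { $_.IdentityReference.Value } },
            AccessControlType,
            @{ n = 'Scope'; e = { $scopes[$_.ObjectType] } },
            IsInherited |
        Sort-Object AccessControlType, Trustee
}

Get-AttributeWriter -Identity 'john.smith'
```

The output lists trustees named on the ACL, not effective access: whether a given account can write the attribute still depends on its group memberships and on any Deny rows that apply to it.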
jsclmedave

Administrator
Registered:
Posts: 495
Reply with quote  #3 
Quote:
Originally Posted by cj_berlin
Hi,

quick & dirty:

 Set-Location AD: $access = Get-ACL -Path "CN=Some User,OU=ESMOBILE,DC=esmobile,DC=metabpa,DC=org" $access.Access | where {($_.ObjectType -eq "f0f8ffa3-1191-11d0-a060-00aa006c33ed" -or $_.ObjectType -eq "0296c11e-40da-11d1-a9c0-0000f80367c1") -and ($_.AccessControlType -eq "Allow") -and ($_.ActiveDirectoryRights -contains "WriteProperty")} | Select -ExpandProperty IdentityReference -Unique 


Note!

If you do not have the latest OS Build in WIN 10 and are using PowerShell 7, Set-Location AD: will not work.  It works fine in Windows PowerShell 5.1.


Name                           Value
----                           -----
PSVersion                      7.0.0
PSEdition                      Core
GitCommitId                    7.0.0
OS                             Microsoft Windows 10.0.17763
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0



PS C:\Users\lbolton> Set-Location AD:
Set-Location: Cannot find drive. A drive with the name 'AD' does not exist.






__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

cj_berlin


Senior Member
Registered:
Posts: 407
Reply with quote  #4 
Right. And frankly, I've yet to find a valid use case for PowerShell Core on Windows. 'Valid' in the sense of benefits outweighing the hassle.
jsclmedave

Administrator
Registered:
Posts: 495
Reply with quote  #5 
Quote:
Originally Posted by cj_berlin
Right. And frankly, I've yet to find a valid use case for PowerShell Core on Windows. 'Valid' in the sense of benefits outweighing the hassle.


Haha!  Glad I'm not the only one that thinks that.

Having said that, I will admit I am not in the position to use it on Linux or take advantage of some of the new cmdlets.  So for me, 5.1 works great and is all I need at the moment.

meloao

Senior Member
Registered:
Posts: 109
Reply with quote  #6 
I am running PowerShell 5.1:

PS AD:\> (Get-Host).Version

Major  Minor  Build  Revision
-----  -----  -----  --------
5      1      17763  771


Getting this error:

Set-Location : A positional parameter cannot be found that accepts argument 'AD:'.
At line:1 char:1
+ Set-Location AD: $access = Get-ACL -Path "CN=user,OU=something ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Set-Location], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.SetLocationCommand

cj_berlin


Senior Member
Registered:
Posts: 407
Reply with quote  #7 
Hi,
you seem to have lost the line break after AD: somewhere along the way...
