< Back
Set-ADObjectAcl
Post
NAME Set-ADObjectAcl
SYNOPSIS
Sets permissions on an Active Directory object.
SYNTAX
Set-ADObjectAcl [-ObjectDN] <String> -Rules <ActiveDirectoryAccessRule[]> [-Replace]
[-ReplaceForExistingPrincipal] [-Credential <PSCredential>] [<CommonParameters>]
Set-ADObjectAcl [-ObjectCN] <String> [[-Domain] <String>] -Rules <ActiveDirectoryAccessRule[]> [-Replace]
[-ReplaceForExistingPrincipal] [-Credential <PSCredential>] [<CommonParameters>]
DESCRIPTION
Will set permissions on an Active Directory object with the provided rule set and Object CN. ACLs for security
principals that are defined as part of
the rule set provided will be replaced with the updated rules. Other ACLs rules will not be affected unless the
Replace switch is defined.
PARAMETERS
-ObjectCN <String>
The CN of the object being configured up to the domain part of the DN. This can be an empty string to
configure the domain object.
Required? true
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Domain <String>
The domain in which to configure the object's ACL.
Required? false
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ObjectDN <String>
The DistinguishedName of the object being configured.
Required? true
Position? 1
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Rules <ActiveDirectoryAccessRule[]>
An array of Active Directory Access Rules
Required? true
Position? named
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Replace [<SwitchParameter>]
Indicates that all ACL entries on the object should be replaced with the provided rules. If this is not
specified, the provided rules are only
added to the existing rules.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-ReplaceForExistingPrincipal [<SwitchParameter>]
Indicates that existing ACL entries that have a common security principal as a new defined rule should be
replaced with the newer rule. If the Replace
parameter is specified, this parameter is ignored.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-Credential <PSCredential>
Specifies a user account that has permission to perform this action. The default is the current user.
Type a user name, such as "User01" or "Domain01\\User01", or enter a PSCredential object, such as one generated
by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password.
Required? false
Position? named
Default value [System.Management.Automation.PSCredential]::Empty
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
System.String
System.DirectoryServices.ActiveDirectoryAccessRule[]
OUTPUTS
None
NOTES
AUTHOR: Michael Haken
LAST UPDATE: 1/7/2017
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Set-ADObjectAcl -Domain contoso.com -ObjectCN "CN=AdminSDHolder,CN=System" -Rules $Rules
Adds permissions to the AdminSDHolder container in the contoso.com domain with the ACL rules provided.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Set-ADObjectAcl -ObjectDN "CN=AdminSDHolder,CN=System,DC=contso,DC=com" -Rules $Rules -Replace
Sets permissions on the AdminSDHolder container in the contoso.com domain with the ACL rules provided. All
existing ACL entries are replaced
with the provided rules.
RELATED LINKS
SYNOPSIS
Sets permissions on an Active Directory object.
SYNTAX
Set-ADObjectAcl [-ObjectDN] <String> -Rules <ActiveDirectoryAccessRule[]> [-Replace]
[-ReplaceForExistingPrincipal] [-Credential <PSCredential>] [<CommonParameters>]
Set-ADObjectAcl [-ObjectCN] <String> [[-Domain] <String>] -Rules <ActiveDirectoryAccessRule[]> [-Replace]
[-ReplaceForExistingPrincipal] [-Credential <PSCredential>] [<CommonParameters>]
DESCRIPTION
Will set permissions on an Active Directory object with the provided rule set and Object CN. ACLs for security
principals that are defined as part of
the rule set provided will be replaced with the updated rules. Other ACLs rules will not be affected unless the
Replace switch is defined.
PARAMETERS
-ObjectCN <String>
The CN of the object being configured up to the domain part of the DN. This can be an empty string to
configure the domain object.
Required? true
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Domain <String>
The domain in which to configure the object's ACL.
Required? false
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ObjectDN <String>
The DistinguishedName of the object being configured.
Required? true
Position? 1
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Rules <ActiveDirectoryAccessRule[]>
An array of Active Directory Access Rules
Required? true
Position? named
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Replace [<SwitchParameter>]
Indicates that all ACL entries on the object should be replaced with the provided rules. If this is not
specified, the provided rules are only
added to the existing rules.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-ReplaceForExistingPrincipal [<SwitchParameter>]
Indicates that existing ACL entries that have a common security principal as a new defined rule should be
replaced with the newer rule. If the Replace
parameter is specified, this parameter is ignored.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-Credential <PSCredential>
Specifies a user account that has permission to perform this action. The default is the current user.
Type a user name, such as "User01" or "Domain01\\User01", or enter a PSCredential object, such as one generated
by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password.
Required? false
Position? named
Default value [System.Management.Automation.PSCredential]::Empty
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
System.String
System.DirectoryServices.ActiveDirectoryAccessRule[]
OUTPUTS
None
NOTES
AUTHOR: Michael Haken
LAST UPDATE: 1/7/2017
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Set-ADObjectAcl -Domain contoso.com -ObjectCN "CN=AdminSDHolder,CN=System" -Rules $Rules
Adds permissions to the AdminSDHolder container in the contoso.com domain with the ACL rules provided.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Set-ADObjectAcl -ObjectDN "CN=AdminSDHolder,CN=System,DC=contso,DC=com" -Rules $Rules -Replace
Sets permissions on the AdminSDHolder container in the contoso.com domain with the ACL rules provided. All
existing ACL entries are replaced
with the provided rules.
RELATED LINKS