Remove ACL Entry from an OU

All replies

• 

  

  0

  Sign in to vote

  check some of these examples:

  http://msmvps.com/blogs/richardsiddaway/archive/2012/03/11/removing-a-user-from-a-group.aspx

  Thursday, April 18, 2013 4:51 PM
• 

  

  0

  Sign in to vote

  That just removes a user form a group. I need to script the removal of Authenticated Users (Not Inherited) from an OU in AD.

  Friday, April 19, 2013 8:22 AM
• 

  

  0

  Sign in to vote

  Escape \\ : if($value -match "NT Authority\\Authenticated Users")

  Friday, April 19, 2013 8:40 AM
• 

  

  0

  Sign in to vote

  That still does not work. Is anyone aware that this is even possible with powershell? Im struggling with the set-acl command on OUs.

  Friday, April 19, 2013 12:35 PM
• 

  

  0

  Sign in to vote

  I just tested the following sample and it works:

  import-module active*
  set-location ad:
  
  $acl = Get-Acl -Path "ou=testou,dc=woodgrovebank,dc=com"   
  foreach($acc in $acl.access ) 
  { 
      $value = $acc.IdentityReference.Value 
      if($value -eq "NT Authority\Authenticated Users") 
      { 
          $ACL.RemoveAccessRule($acc)
          Set-Acl -Path "ou=testou,dc=woodgrovebank,dc=com" -AclObject $acl -ErrorAction Stop 
          Write-Host "Remove ACL Entry: $value  form" 
      } 
  }

  
  It also works with if($value -match"NT Authority\\Authenticated Users")  as suggested by Kazun.
  

  • Edited by Piotrek82 Friday, April 19, 2013 2:08 PM
  • Marked as answer by MessageUndeliverable Friday, April 19, 2013 2:29 PM

  Friday, April 19, 2013 2:07 PM
• 

  

  0

  Sign in to vote

  Yep works a treat. Many thanks

  Friday, April 19, 2013 2:30 PM
• 

  

  0

  Sign in to vote

  Hi 

  This might work but isnt it setting the whole list of ACL  again instead of removing just one entry from ACL?

  ---

  Guru

  Wednesday, August 5, 2020 9:30 AM