
Friday, September 20, 2024

Steps to extract ntfs share details from file server shares

As part of a file server consolidation effort, I was tasked to come up with a method to move multiple shares on multiple shares to a WSFC. I have decided to document my steps and to see if I have come up with logical steps.

  1. Identify all drive mapping GPOs.
  2. Identify which servers are file servers and which are not. (A few file shares were related to applications.)
  3. List all shares for each identified file server.
  4. For each share on each file server, develop a method to extract:
       a. ACL details
            i. Users in each AD group that is part of the ACLs from 4.a.


PowerShell script to extract data.


#--1
#extracts ntfs permissions of a folder
Get-Acl D:\Root\xyz | Format-Table -Wrap

#--2
#list all subdirectories under a folder
$FolderPath = Get-ChildItem -Directory -Path "D:\Root\xyz" -Recurse -Force

#Lists ntfs permissions of all the subfolders
#Initialize an array to hold the results
$Results = @()

ForEach ($Folder in $FolderPath) {
    $Acl = Get-Acl -Path $Folder.FullName
    ForEach ($Access in $Acl.Access) {
        $Properties = [ordered]@{
            'Folder Name'  = $Folder.FullName
            'Group/User'   = $Access.IdentityReference
            'Permissions'   = $Access.FileSystemRights
            'Inherited'     = $Access.IsInherited
        }
        # Create a new PSObject and add it to the results array
        $Results += New-Object -TypeName PSObject -Property $Properties
    }
}

# Export the results to a CSV file
$Results | Export-Csv -Path C:\d_root_evtest_acls.csv -NoTypeInformation


#--3
#List the unique users/groups found in $Results
#Sort-Object -Unique sorts and de-duplicates in one step, ignoring case
$Results.'Group/User' | Sort-Object -Unique

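#--4
#Run this step for each unique AD group identified in step 3
#Get the email addresses of the AD group's members
#Requires the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory

#Keep user objects only: Get-ADUser fails on nested groups and computer accounts
#(add -Recursive to Get-ADGroupMember to include members of nested groups)
$groupmembers = Get-ADGroupMember -Identity abc_group |
    Where-Object { $_.objectClass -eq 'user' } |
    Select-Object -ExpandProperty SamAccountName

#Use a separate array so the ACL results from step 2 are not overwritten
$MemberResults = @()
foreach ($groupmember in $groupmembers) {
    $groupuser = Get-ADUser -Identity $groupmember -Properties Name, SamAccountName, EmailAddress

    # Create a PSObject with user details and add it to the results array
    $MemberResults += New-Object -TypeName PSObject -Property ([ordered]@{
        DisplayName    = $groupuser.Name
        SamAccountName = $groupuser.SamAccountName
        Email          = $groupuser.EmailAddress
    })
}
$MemberResults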
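The ACL report from step 2 can also be used to flag entries that need attention before the shares move to the WSFC. The following is an added example, not part of the original script: it classifies each identity in the report, using constructed sample rows and the assumed names CONTOSO (domain) and FS01 (source file server), and the function name Get-AceMigrationNote is hypothetical.

```powershell
# Constructed sample rows with the same columns as the CSV exported in step 2.
# CONTOSO (domain) and FS01 (source file server) are assumed names.
$Rows = @'
"Folder Name","Group/User","Permissions","Inherited"
"D:\Root\xyz\Finance","CONTOSO\abc_group","Modify, Synchronize","False"
"D:\Root\xyz\Finance","FS01\LocalFinance","FullControl","False"
"D:\Root\xyz\Finance","BUILTIN\Administrators","FullControl","True"
"D:\Root\xyz\HR","S-1-5-21-1111111111-2222222222-3333333333-1105","ReadAndExecute, Synchronize","False"
"D:\Root\xyz\HR","Everyone","ReadAndExecute, Synchronize","False"
"D:\Root\xyz\HR","CONTOSO\abc_group","Modify, Synchronize","True"
'@ | ConvertFrom-Csv

function Get-AceMigrationNote {
    param(
        [Parameter(Mandatory)] [string] $Identity,
        [Parameter(Mandatory)] [string] $DomainName,
        [Parameter(Mandatory)] [string] $SourceServer
    )
    $domain = [regex]::Escape($DomainName)
    $server = [regex]::Escape($SourceServer)
    switch -Regex ($Identity) {
        # Get-Acl shows a raw SID when the account can no longer be resolved
        '^S-1-\d+(-\d+)+$' { return 'Unresolved SID: find the owner or drop the ACE' }
        # Local users and groups exist only in the source server's own account database
        "^$server\\"       { return 'Local to source server: replace with a domain group' }
        # BUILTIN groups exist on every server, but membership is per server
        '^BUILTIN\\'       { return 'Built-in group: compare membership on the target' }
        '^(Everyone|NT AUTHORITY\\Authenticated Users)$' { return 'Broad principal: confirm this access is intended' }
        # Assumes the target cluster is joined to the same domain
        "^$domain\\"       { return 'Domain principal: resolves on a target in the same domain' }
        default            { return 'Unclassified: review manually' }
    }
}

# One line per identity: how many folders it appears on and what to do about it
$Report = $Rows | Group-Object { $_.'Group/User' } | ForEach-Object {
    [pscustomobject]@{
        Identity     = $_.Name
        Folders      = @($_.Group.'Folder Name' | Sort-Object -Unique).Count
        ExplicitAces = @($_.Group | Where-Object { $_.Inherited -eq 'False' }).Count
        Note         = Get-AceMigrationNote -Identity $_.Name -DomainName 'CONTOSO' -SourceServer 'FS01'
    }
}
$Report | Sort-Object Note, Identity | Format-Table -AutoSize -Wrap
```

To run it against real data, replace the constructed `$Rows` with `Import-Csv` on the file written in step 2; the column names are the ones that export produces.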
