As part of a file server consolidation effort, I was tasked to come up with a method to move multiple shares on multiple shares to a WSFC. I have decided to document my steps and to see if I have come up with logical steps.
- Identify all drive mapping GPOs.
- Identify which servers are file servers and which are not. (There were few file shares that are related to applications)
- List all shares for each identified file server.
- For each share in each file server, develop a method to extract:
i. Users in each AD group that are part if 4.a ACLs.
Powershell Script to extract data.
#--1
#extracts ntfs permissions of a folder
Get-Acl D:\Root\xyz | Format-Table -Wrap
#--2
#list all subdirectories under a folder
$FolderPath = Get-ChildItem -Directory -Path "D:\Root\xyz" -Recurse -Force
#Lists ntfs permissions of all the subfolders
#Initialize an array to hold the results
$Results = @()
ForEach ($Folder in $FolderPath) {
$Acl = Get-Acl -Path $Folder.FullName
ForEach ($Access in $Acl.Access) {
$Properties = [ordered]@{
'Folder Name' = $Folder.FullName
'Group/User' = $Access.IdentityReference
'Permissions' = $Access.FileSystemRights
'Inherited' = $Access.IsInherited
}
# Create a new PSObject and add it to the results array
$Results += New-Object -TypeName PSObject -Property $Properties
}
}
# Export the results to a CSV file
$Results | Export-Csv -Path C:\d_root_evtest_acls.csv -NoTypeInformation
#--3
#List unique objects from $Results
$Results.'group/user' | Sort-Object | Get-Unique
#--4
#Run this step for each unique AD Group that gets identified in step 3
#Get AD Group members email addresses
$groupmembers = Get-ADGroupMember -Identity abc_group | Select-Object -ExpandProperty SamAccountName
$Results = @()
foreach($groupmember in $groupmembers) {
$groupuser = Get-ADUser -Identity $groupmember -Properties Name, SamAccountName, EmailAddress
# Create a PSObject with user details
$Result = new-object psobject -Property @{
DisplayName = $groupuser.Name
SamAccountName = $groupuser.SamAccountName
Email = $groupuser.EmailAddress
}
# Add the result to the results array
$Results += $Result
$Result= $Null
}
$Results
No comments:
Post a Comment