Develop Reference

Problem with the setting IsInherited in my powershell script

I have to make a script who change users domain of my shared folder and add them in addition to the existing users rights.
1st :
I do a script in PowerShell to get all NTFS rights of my directories (It worked perfectly) :
$FolderPath = Get-ChildItem -Directory -LiteralPath "C:\MYPATH" -Recurse -Force
$Report = #()
Foreach ($Folder in $FolderPath) {
$Acl = Get-Acl -Path $Folder.FullName
foreach ($Access in $acl.Access)
{
$Properties = [ordered]#{'FolderName'=$Folder.FullName;'Users'=$Access.IdentityReference;'Rights'=$Access.FileSystemRights;'Inherit'=$Access.IsInherited;}
$Report += New-Object -TypeName PSObject -Property $Properties
}
}
$Report | Export-Csv -Encoding UTF8 -LiteralPath "E:\MYPATH\FolderPermissions2.csv"
2nd : I modify my CSV to find and replace with my new domain.
There is a part of my CSV :
"E:\test migration\MYPATH\MYPATH à la tireuse plans","BUILTIN\Users","AppendData","True"
"E:\test migration\MYPATH\MYPATH","BUILTIN\Users","CreateFiles","True"
"E:\test migration\MYPATH","OLD_DOMAIN\user_name","FullControl","True"
"E:\test migration\MYPATH","OLD_DOMAIN\user_name","ReadAndExecute, Synchronize","True"
"E:\test migration\MYPATH","BUILTIN\Administrators","FullControl","True"
"E:\test migration\MYPATH","NT AUTHORITY\SYSTEM","FullControl","True"
"E:\test migration\MYPATH","OLD_DOMAIN\a_nbe","FullControl","True"
3rd : And I do another script to re-import all rights from my modified CSV and Set them to the same folder :
Import-Module NTFSSecurity
Import-Module ActiveDirectory
$CSV = Import-Csv -Delimiter "," -LiteralPath "E:\MYPATH\FolderPermissions2.csv"
$CSV | ForEach-Object {
$FolderName = $_.FolderName
$Users = $_.Users
$Rights = $_.Rights
$Inherit = $_.Inherit
Add-NTFSAccess -Path $FolderName -IdentityReference $Users -FileSystemRights $Rights
$acl = Get-Acl $FolderName
if ($Inherit = "True", $acl.SetAccessRuleProtection($false,$True)) {
} else {
$acl.SetAccessRuleProtection($false,$False)
}
}
The first part of this script worked perfectly, all of my folder get the "new users" with my new domain with exactly the same rights.
BUT the part where I define my "IsInherited" don't work, I get the path and not my boolean...
screenshot of the error
Anybody has an idea where I do a mistake, please ?
Thank you !

Get LastWriteTime of a particular file

I'm using Windows 10 Enterprise 1709 and PowerShell ISE v5. I am trying to get the last write time to the file deployment.properties by checking to see if the testpath holds the file and if it does, write the LastWriteTime of that file. I'm not sure I'm doing this the correct way. Any help showing me how to make this work would be appreciated. I've tried several options but this is the only one that doesn't produce an error. However, the code runs, completes without error but doesn't produce and output. My code is listed below first and then the output I see on the PowerShell ISE screen.
Set-ExecutionPolicy Bypass
$env:COMPUTERNAME = HostName
$DeplPath = "AppData\LocalLow\Sun\Java\Deployment\deployment.properties"
$dateTime = foreach ($User in Get-ChildItem C:\Users -Directory) {
$folderFile = Join-Path $javauser.FullName $DeplPath
if (Test-Path $folderFile) {
$testResult = Get-ChildItem | select -Property fullName, LastWriteTime
} Else {
$testResult = "Not found - deployment.properties"
}
}
$dateTime
Below is the output I get which returns no information.
PS C:\WINDOWS\system32> Set-ExecutionPolicy Bypass
$env:COMPUTERNAME = HostName
$DeplPath = "AppData\LocalLow\Sun\Java\Deployment\deployment.properties"
$dateTime = foreach ($User in Get-ChildItem C:\Users -Directory) {
$filelist = Join-Path $User.FullName $file
if (Test-Path $filelist) {
$testResult = Get-ChildItem $dateTime | select -Property fullName, LastWriteTime
} Else {
$testResult = "Not found - deployment.properties"
}
}
$dateTime
PS C:\WINDOWS\system32>
Newly modified code below
Set-ExecutionPolicy Bypass
$env:COMPUTERNAME = HostName
$DeplPath = "AppData\LocalLow\Sun\Java\Deployment\deployment.properties"
$dateTime = foreach ($User in Get-ChildItem C:\Users -Directory) {
$folderFile = Join-Path $User.FullName $DeplPath
if (Test-Path $folderFile) {
$testResult = Get-ChildItem | select -Property fullName, $DeplPath.LastWriteTime
} Else {
$testResult = "Not found - deployment.properties"
}
[PSCustomObject]#{
"Computer Name" = $env:COMPUTERNAME
"Java User True/False" = $TestResult
"Users" = $user.Name
"Last Write Time" = $testResult.LastWriteTime
}
}
$dateTime

Try this out. Your property select for the get-childitem were mislabeled.
Set-ExecutionPolicy Bypass
$env:COMPUTERNAME = HostName
$DeplPath = "AppData\LocalLow\Sun\Java\Deployment\deployment.properties"
$dateTime = foreach ($User in Get-ChildItem C:\Users -Directory) {
$folderFile = Join-Path $User.FullName $DeplPath
$test = Test-Path $folderFile
if ($test -eq $True) {
$testResult = Get-ChildItem $folderfile | select -Property Name, LastWriteTime
} Else {
$testResult = "Not found - deployment.properties"
}
[PSCustomObject]#{
"Computer Name" = $env:COMPUTERNAME
"Java User True/False" = $TestResult
"Users" = $user.Name
"Last Write Time" = $testResult.LastWriteTime
}
}
$dateTime

ERROR New-ADUser :The supplied user buffer is not valid

I made a PowerShell script to create Active Directory users from a CSV file. For one specific user I get this error
As you can see, the user has been successfully created though. All other users have been made as well. Does anyone know what this error means?
Script:
Import-Module ActiveDirectory
$csv_file = Read-Host -Prompt "Path naar CSV bestand?"
$pwd = Read-Host -Prompt "Password for users?" -AsSecureString
$csv_file = $csv_file.Replace('"','')
$csv_list = Import-Csv $csv_file
$domainname = Get-ADDomain
$domainname = $domainname.DNSRoot
$server = hostname
$usernames = (get-aduser -Filter *).name
$i = 0
foreach ($adUser in $csv_list) {
$department = $adUser.Department
if ($adUser.GivenName) {
$givenname = $adUser.GivenName
}
else {
$givenname = $adUser.FirstName
}
if ($adUser.Surname) {
$surname = $adUser.Surname
}
else {
$surname = $adUser.LastName
}
$username = ("${givenname}.${surname}" -replace (' ','')).ToLower()
if ($username -in $usernames -eq $true) {
$number = 1
}
$variableusername = $username
while ($variableusername -in $usernames -eq $true) {
$number += 1
$variableusername = [string]($username + $number)
}
$username = $variableusername
$usernames += $username
$sam = $username
if ($sam.Length -gt 20) {
$sam = $sam.Substring(0,20)
}
$path = (Get-ADOrganizationalUnit -Filter * | Where-Object -Property Name -eq $department).DistinguishedName | Select-Object -First 1
if ($path -eq $False) {
$department = Read-Host -Prompt "Could not find an OU for user $username in department ${department}. Please specify the correct OU"
$path = (Get-ADOrganizationalUnit -Filter * | Where-Object -Property Name -eq $department).DistinguishedName | Select-Object -First 1
}
$password = $pwd
$email = "${username}#${domainname}"
$title = $adUser.Title
$dpn = "${givenname} ${surname}"
New-ADUser -name $username -path $path -UserPrincipalName "${username}#${domainname}" -GivenName $givenname -Surname $surname -Department $department -AccountPassword $password -EmailAddress $email -ChangePasswordAtLogon $False -Title $title -Enabled $True -Server $server -DisplayName $dpn -SamAccountName $sam
Add-ADGroupMember -Identity "G_${department}" -Members $sam
$i++
Write-Progress -activity "Creating users . . ." -status "Created: $i of $($csv_list.Count)" -percentComplete (($i / $csv_list.Count) * 100)
}

Error with code "Missing = operator after key in hash literal, hash literal was incomplete"

I have a list of users in a CSV File that I want to find out if/when they last logged in. I can get this info for an individual account but I need to write this to a file for several accounts.
The error I'm getting:
At line:5 char:7
import-module activedirectory
Missing = operator after key in hash literal
hash literal was incomplete
My Code:
$resultList = #()
Import-Csv C:\Users\admin\Desktop\SamAccountName.csv -header("SamAccountName") | Foreach-Object{
$user = ([adsisearcher]"(samAccountName=$($_.SamAccountName))").FindOne()
$resultList += New-Object -TypeName PSObject -Property #{
SamAccountName = $_.SamAccountName
Import-Module ActiveDirectory
function Get-ADUserLastLogon([string]$_.userName)
{
$dcs = Get-ADDomainController -Filter {Name -like "*"}
$time = 0
foreach($dc in $dcs)
{
$hostname = $dc.HostName
$user = Get-ADUser $userName | Get-ADObject -Properties lastLogon
if($user.LastLogon -gt $time)
{
$time = $user.LastLogon
}
}
$dt = [DateTime]::FromFileTime($time)
Write-Host $username "last logged on at:" $dt }
Get-ADUserLastLogon -UserName $user
}
}
}
$resultList | export-csv -Path c:\users\admin\desktop\SamAccountName_results.csv -NoTypeInfo

Instead of this:
$user = ([adsisearcher]"(samAccountName=$($_.SamAccountName))").FindOne()
$resultList += New-Object -TypeName PSObject -Property #{
SamAccountName = $_.SamAccountName
Please do this:
$user = ([adsisearcher]"(samAccountName=$($_.SamAccountName))").FindOne()
$resultList += New-Object -TypeName PSObject -Property #{
SamAccountName = $_.SamAccountName
}

Getting Permissions From Remote Share (PowerShell)

I am writing a script to get permissions and some other info on shares throughout the a network and I am having trouble getting the shares permissions. I read online that one can use "GetAccessMask" but I thought it was just for the current user.
#loop for each computer in computers file
ForEach ($computer in $allComputers)
{
Write-Host "Checking - $computer"
If($computer -ne '')
{
#check if online, this uses WMI so if you don't have access to the machine it will show as offline
If(Test-Connection -Computername $computer -ErrorAction SilentlyContinue)
{
$shares = Get-WmiObject -Class Win32_share -ComputerName $computer -Credential $uCredentials
ForEach($share in $shares)
{
$sName = $share.Name
$sPath = $share.Path
$sDesc = $share.Description
$objShare = New-Object -TypeName PSObject
$objShare = Add-Member -PassThru -InputObject $objShare -NotePropertyName Server -NotePropertyValue $computer
$objShare = Add-Member -PassThru -InputObject $objShare -NotePropertyName Online -NotePropertyValue $True
$objShare = Add-Member -PassThru -InputObject $objShare -NotePropertyName Share -NotePropertyValue $sName
$objShare = Add-Member -PassThru -InputObject $objShare -NotePropertyName Path -NotePropertyValue $sPath
$objShare = Add-Member -PassThru -InputObject $objShare -NotePropertyName Description -NotePropertyValue $sDesc
$objShare | Export-CSV -Path $fOutfile -Append -NoClobber -NoTypeInformation
}
}
}
}
Above is a snippet of my script (as a whole it reads server list from a file, lists the share name,path, description) and I am wondering if anyone knows how I could get permissions on a given share for all users/groups with rights to the share.
Thanks in advance!

After you get the Shares from win32_share Class, Get the Share Permissions from the Win32_LogicalShareSecuritySetting Class, like this:
$Shares = Get-WmiObject Win32_Share -ComputerName $computer -Credential $uCredentials |
? {$_.Type -eq 0} ## 0 for Disk Drive shares only see: https://learn.microsoft.com/en-us/windows/win32/cimwin32prov/win32-share
$Array = #()
$ACL = #()
Foreach ($Share in $Shares)
{
$ShareName = $share.name
$SharePermissions = Get-WmiObject Win32_LogicalShareSecuritySetting -Filter "name='$ShareName'" -ComputerName $computer
Foreach ($SP in $SharePermissions)
{
$SecDesc = $SP.GetSecurityDescriptor().Descriptor
foreach($ace in $SecDesc.DACL){
$UserName = $ace.Trustee.Name
If ($ace.Trustee.Domain -ne $Null) {$UserName = "$($ace.Trustee.Domain)\$UserName"}
If ($ace.Trustee.Name -eq $Null) {$UserName = $ace.Trustee.SIDString }
$ACL += New-Object Security.AccessControl.FileSystemAccessRule($UserName, $ace.AccessMask, $ace.AceType)
}
}
$Results = "" | Select Server,Name,Status,Path,Description, ID, Rights
$Results.Server = $Share.__Server
$Results.Name = $Share.Name
$Results.Status = $Share.Status
$Results.Path = $Share.Path
$Results.Description = $Share.Description
$Results.ID = $ACL | % {$_.IdentityReference}
$Results.Rights = $ACL | % {$_.FileSystemRights}
$Results = $Results | ? {$_.id -ne $null}
$Array += $Results
}
$Array