Wednesday 26 February 2014

Export and Import NTFS permissions with PowerShell from one domain to another

Steps:
Export Permissions
Modify the permissions.csv file - Change the domain name
Import permissions

Assumptions:
User names are the same in both domains
Folder structure remains the same

Exports.ps1
Get-ChildItem "S:\Folder" -Recurse | ?{ $_.PsIsContainer } | %{
  $Path = $_.FullName
  # Exclude inherited rights from the report
  (Get-Acl $Path).Access | ?{ !$_.IsInherited } | Select-Object `
    @{n='Path';e={ $Path }}, IdentityReference, AccessControlType, `
    InheritanceFlags, PropagationFlags, FileSystemRights
} | Export-CSV "c:\temp\Permissions.csv"
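
Step 2 can be done in PowerShell instead of by hand. The following is an added example, not part of the original post; OLDDOM, NEWDOM and the Permissions.new.csv file name are placeholders. It rewrites only the domain prefix of each IdentityReference and checks that every resulting account resolves to a SID before the import is run, so it has to be run on a machine joined to the new domain.

```powershell
# Added example; OLDDOM, NEWDOM and Permissions.new.csv are placeholder names
$OldDomain = 'OLDDOM'
$NewDomain = 'NEWDOM'
$InFile    = 'c:\temp\Permissions.csv'
$OutFile   = 'c:\temp\Permissions.new.csv'

function Convert-AclIdentity {
    param([string]$Identity, [string]$From, [string]$To)
    # Rewrite only an exact "DOMAIN\" prefix, so BUILTIN\..., NT AUTHORITY\...
    # and account names that merely contain the domain string stay untouched
    $prefix = "$From\"
    if ($Identity.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
        return "$To\" + $Identity.Substring($prefix.Length)
    }
    return $Identity
}

function Test-AclIdentity {
    param([string]$Identity)
    # An account that cannot be translated to a SID cannot be placed in an ACL
    try {
        $null = ([System.Security.Principal.NTAccount]$Identity).Translate(
            [System.Security.Principal.SecurityIdentifier])
        return $true
    } catch {
        return $false
    }
}

$rows = @(Import-Csv -Path $InFile)
foreach ($row in $rows) {
    $row.IdentityReference = Convert-AclIdentity $row.IdentityReference $OldDomain $NewDomain
}

# Resolve each distinct identity once
$missing = @($rows | Select-Object -ExpandProperty IdentityReference -Unique |
    Where-Object { -not (Test-AclIdentity $_) })

if ($missing.Count -gt 0) {
    Write-Warning "These identities do not resolve; fix them before importing:"
    $missing | ForEach-Object { Write-Warning "  $_" }
} else {
    # Export-Csv quotes every field, so values such as
    # "ReadAndExecute, Synchronize" stay in a single column
    $rows | Export-Csv -Path $OutFile -NoTypeInformation
    "Wrote $($rows.Count) rows to $OutFile"
}
```

Entries that were exported as bare SIDs (accounts already deleted in the old domain) are reported as unresolved rather than carried over.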

Import.ps1
$par = Import-Csv -Path "c:\temp\Permissions.csv"

foreach ( $i in $par )
{
    $path = $i.Path
    $IdentityReference = $i.IdentityReference
    $AccessControlType = $i.AccessControlType
    $InheritanceFlags = $i.InheritanceFlags
    $PropagationFlags = $i.PropagationFlags
    $FileSystemRights = $i.FileSystemRights
    echo $path $IdentityReference
    # Start from the ACL of the folder being updated (not c:\temp), so rules
    # applied by earlier CSV rows for the same folder are kept
    $acl = Get-Acl $path
    # Five-argument constructor: identity, rights, inheritance flags, propagation flags, allow/deny
    $permission = $IdentityReference, $FileSystemRights, $InheritanceFlags, $PropagationFlags, $AccessControlType
    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
    # AddAccessRule keeps several entries for one identity; SetAccessRule would replace them
    $acl.AddAccessRule($accessRule)
    $acl | Set-Acl $path
}





11 comments:

  1. Hi, thank you for the script. Export works perfectly, but when I try to import permissions from CSV, Import.ps1 imports only the last user/permission from the CSV file :(

  2. change line:
    $acl = Get-Acl c:\temp
    $permission = $i.IdentityReference,$i.FileSystemRights,$i.AccessControlType

    to become:
    $acl = Get-Acl $path
    $permission = $IdentityReference, $FileSystemRights, $InheritanceFlags, $PropagationFlags, $AccessControlType

    1. Hello,
      when I run the import this message displays:
      At line:14 char:37
      + $permission = $.Identity, $.FileSystemRights, $.AccessC ...
      + ~
      Missing argument in parameter list.
      + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
      + FullyQualifiedErrorId : MissingArgument
      Can you help me please?
      Best regards

  3. How can you import the inheritance flags?
    I have removed the comment in the 2 lines of the import file but am now receiving an error.
    "You cannot call a method on a null-valued expression"

    Thank you

  4. I got the same error when I changed the paths in permissions.csv. Found out that the problem was Excel; changed the path with Notepad++, and everything worked.

  5. Is there a way to extract group permissions as well as user permissions? I have the same group names in both domains and want to migrate the group permissions too.

  6. Seth - it already does group permissions for me without changes.

  7. Import code does not work, unexpected error code number 1
