Get-QADObjectSecurity
From PowerGUI Wiki
Retrieve security information, such as the owner information or the security descriptor in a string format, from a directory object or objects.
Syntax
Get-QADObjectSecurity [-Identity] <IdentityParameter> -Owner [-Proxy] [-Service <String>] [-ConnectionAccount <String>] [-ConnectionPassword <SecureString>] [-Credential <PSCredential>] [-Connection <ArsConnection>] [-UseGlobalCatalog] [<CommonParameters>]
Get-QADObjectSecurity [-Identity] <IdentityParameter> -Sddl [-Proxy] [-Service <String>] [-ConnectionAccount <String>] [-ConnectionPassword <SecureString>] [-Credential <PSCredential>] [-Connection <ArsConnection>] [-UseGlobalCatalog] [<CommonParameters>]
Detailed Description
Use this cmdlet to retrieve security information from an object in the directory (directory object). You can get an object representing the owner of a given directory object, or have the cmdlet return the security descriptor of a directory object in a string format defined by the security descriptor definition language (SDDL).
The cmdlet has optional parameters that determine the server and the security context for the operation. The connection parameters can be omitted, since a connection to a server is normally established prior to using this cmdlet. In this case, the server and the security context are determined by the Connect-QADService cmdlet.
If you do not use Connect-QADService and have no connection established prior to using a cmdlet, then the connection settings, including the server and the security context, are determined by the connection parameters of the first cmdlet you use. Subsequent cmdlets will use those settings by default.
Related Commands
Parameters
| Name | Description | Required? | Pipeline Input | Default Value |
|---|---|---|---|---|
| Identity | Specify the identity (such as name, distinguished name, domain\name, etc.) of a directory object you want. The cmdlet will retrieve information from the security descriptor of that object. You can use pipelining to identify a directory object: pass the output of the appropriate Get- cmdlet to this cmdlet. If you do so, the Identity parameter is not to be supplied on the command line. See examples. | true | true (ByValue) | |
| Owner | Supply this parameter for the cmdlet to return an object that represents the owner of the given directory object. | true | false | |
| Proxy | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Service | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| ConnectionAccount | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| ConnectionPassword | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Credential | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Connection | For parameter description, see help on the Connect-QADService cmdlet. | false | true (ByValue) | |
| UseGlobalCatalog | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Sddl | Supply this parameter for the cmdlet to return the given directory object's security descriptor in a string format. The string format is defined by the security descriptor definition language (SDDL). You can use the string format to store or transmit the security descriptor. For a description of the string format, see the topic Security Descriptor Definition Language in the MSDN Library at http://msdn.microsoft.com | true | false | |
Examples
Example 1
Get-QADObjectSecurity 'domainName\groupName' -Owner
Get the object that represents the owner of a given group.
Example 2
Get-QADObjectSecurity 'DistinguishedNameOfTheObject' -SDDL
For a given directory object, list the security descriptor in a string format.
Example 3
Get-QADComputer -SearchRoot 'dom.lab.local/Computers' -SecurityMask 'Owner' | ForEach-Object {$computer=$_; Get-QADObjectSecurity $_ -Owner | Select-Object @{Name='Computer'; Expression={$computer.DN}}, @{Name='Owner'; Expression={$_.DN}}}
For every computer object held in the Computers container in domain dom.lab.local, list the distinguished name of the owner of the computer object.
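Added example (not part of the original wiki page or the cmdlet's own help): one way to audit the SDDL string that Example 2 returns, using the .NET RawSecurityDescriptor class to flag an untrusted owner and allow ACEs that grant control over the object's ACL. The function name Get-RiskyAce, the trusted SID list and the sample SDDL are constructed for illustration, and the example assumes the -Sddl output is available as a plain string.

```powershell
# Rights that let a trustee take control of the object or rewrite its ACL.
$RiskyRights = [ordered]@{
    WriteDacl    = 0x00040000   # SDDL "WD"
    WriteOwner   = 0x00080000   # SDDL "WO"
    GenericAll   = 0x10000000   # SDDL "GA"
    GenericWrite = 0x40000000   # SDDL "GW"
}

function Get-RiskyAce {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string] $Sddl,
        # SIDs expected to hold control: SYSTEM and BUILTIN\Administrators
        [string[]] $TrustedSid = @('S-1-5-18', 'S-1-5-32-544')
    )
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl

    # The owner can always rewrite the DACL, so an unexpected owner is a finding.
    if ($sd.Owner -and $TrustedSid -notcontains $sd.Owner.Value) {
        [pscustomobject]@{ Trustee = $sd.Owner.Value; Rights = 'Owner'; Inherited = $false }
    }

    foreach ($ace in $sd.DiscretionaryAcl) {
        # Only allow ACEs grant rights; deny ACEs are skipped.
        if ($ace.AceQualifier -ne [System.Security.AccessControl.AceQualifier]::AccessAllowed) { continue }
        $sid = $ace.SecurityIdentifier.Value
        if ($TrustedSid -contains $sid) { continue }

        $hits = @(foreach ($r in $RiskyRights.GetEnumerator()) {
            if ($ace.AccessMask -band $r.Value) { $r.Key }
        })
        if ($hits.Count -gt 0) {
            [pscustomobject]@{ Trustee = $sid; Rights = $hits -join ','; Inherited = $ace.IsInherited }
        }
    }
}

# Constructed sample SDDL (not taken from a real directory). On a live system
# the string would come from: Get-QADObjectSecurity '<object DN>' -Sddl
$domainAdmins = 'S-1-5-21-1111111111-2222222222-3333333333-512'
$sddl = "O:${domainAdmins}G:${domainAdmins}" +
        'D:(A;;RPWPCCDCLCSWRCWDWOSD;;;SY)' +
        '(A;;RPLCRC;;;AU)' +
        '(A;CI;WDWO;;;S-1-5-21-1111111111-2222222222-3333333333-1105)' +
        '(D;;WP;;;S-1-5-21-1111111111-2222222222-3333333333-1106)'

Get-RiskyAce -Sddl $sddl -TrustedSid 'S-1-5-18', 'S-1-5-32-544', $domainAdmins |
    Format-Table -AutoSize
```

Each reported SID can be resolved to a name with the appropriate Get- cmdlet before review.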
