update

Step-05-Set-OUGroupPermissions.ps1

@@ -0,0 +1,39 @@
+<#
+
+#>
+
+cls
+
+#throw "This is not a robus script"
+$location = Get-Location
+Set-Location C:\Tools
+
+Import-Module ActiveDirectory
+
+$Fichier = "OU-Group-Permissions.csv"
+
+$List = Import-Csv -Path $Fichier -Delimiter ";"
+
+$rootdse = Get-ADRootDSE
+$domain = Get-ADDomain
+$guidmap = @{ }
+Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter "(schemaidguid=*)" -Properties lDAPDisplayName, schemaIDGUID | ForEach-Object { $guidmap[$_.lDAPDisplayName] = [System.GUID]$_.schemaIDGUID }
+$extendedrightsmap = @{ }
+Get-ADObject -SearchBase ($rootdse.ConfigurationNamingContext) -LDAPFilter "(&(objectclass=controlAccessRight)(rightsguid=*))" -Properties displayName, rightsGuid | ForEach-Object { $extendedrightsmap[$_.displayName] = [System.GUID]$_.rightsGuid }
+
+$List | ForEach-Object {
+    $ouPrefix = $_.OUPrefix
+    $Group = $_.Group
+    $ouPath = "$OUPrefix,$($domain.DistinguishedName)"
+    $ou = Get-ADOrganizationalUnit -Identity $OUPAth
+    
+    $adGroup = New-Object System.Security.Principal.SecurityIdentifier (Get-ADGroup -Identity $Group).SID
+    
+    $acl = Get-ACL -Path "AD:$($ou.DistinguishedName)"
+    $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "CreateChild", "Allow", $guidmap["group"], "ALL"))
+    $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", "Descendents", $guidmap["group"]))
+    $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "WriteProperty", "Allow", "Descendents", $guidmap["group"]))
+    
+    Write-Host "Configuring Group Permissions on '$ouPath' for group '$Group'"
+    Set-ACL -ACLObject $acl -Path ("AD:\" + ($ou.DistinguishedName))
+}