Home » PowerShell » Get Active Directory OU Permissions Report

Get Active Directory OU Permissions Report

The Get-AdOrganizational cmdlet in PowerShell gets organizational units. Using the Get-Acl cmdlet in PowerShell, it gets an Active Directory OU permissions report.

Get-Acl cmdlet in PowerShell gets the object which contains an access control list for files or resources.

You can view the Active Directory OU permissions through the Security tab in ADUC (Active Directory Users and Computers).

Ad Organizational Unit Permissions
Ad Organizational Unit Permissions

In this article, we will discuss how to get active directory OU permissions reports and export them to the CSV file, check ad OU permission in the active directory using ADUC.

Get Active Directory OU Permissions Report

Use the Get-ACL cmdlet in PowerShell to get a security descriptor that contains the access control list. Using it with the Get-AdOrganizationalUnit cmdlet in the ad get an Active Directory OU permission report.

 Get-ADOrganizationalUnit -Filter * | %{(Get-ACL "AD:$($_.distinguishedname)").access} | Export-Csv -Path C:\PowerShell\AdOU_Permissions_Report.csv -NoTypeInformation

In the above PowerShell script, it gets an active directory organizational unit permission report, and using the Export-CSV cmdlet in PowerShell, it exports the active directory OU permission report to the CSV file.

Cool Tip: How to get an active directory user permissions report!

Check OU Permission Report

Using the Get-AdOrganizationalUnit in PowerShell, it gets one or more active directory OU.

To get the OU permission report using the PowerShell script, run the following command.

(Get-ACL "AD:$((Get-ADOrganizationalUnit -Identity 'OU=HR,DC=SHELLPRO,DC=LOCAL').distinguishedname)").access | Select IdentityReference,AccessControlType

In the above PowerShell script, Get-AdOrganizationalUnit gets OU specified by Identity parameter.

Get-ACL cmdlet gets security descriptor for the OU retrieved using Get-AdOrganizationalUnit and Select its IdentityReference and AccessControlType properties.

The script gets the OU permission in the active directory.

Get OU Permission Report in Active Directory
Get OU Permission Report in Active Directory

Conclusion

I hope the above article using Get-Acl to get an active directory OU permissions report is helpful to you.

Cool Tip: How to get permissions on folders and subfolders using PowerShell!

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.