List directories where an object has explicit permissions set.

Today I got a case from a user who wanted to know which directories would be affected if he deleted a security group. This is a typical case that often ends up on second or third line, therefore I wrote a function so that the help desk can easily do it the next time a user adds a similar case. First it lists all subdirectories of the path specified; it then uses a foreach loop to find out if the object specified exists in the IdentityReference property and lists the pspath. Since pspath includes “Microsoft.PowerShell.Core\FileSystem::” when you try to export to CSV, I had to do a replace with nothing to get a clean path. When trying to replace I got an error “The regular expression pattern”…”is not valid”: since there is a “\” and -replace parses the string as a regular expression, you need to escape it by putting another “\” in front of it. I made the export to file so my colleagues would get a file to mail to the user.


#NAME: GetExplcitDirectoryAcl.ps1
#AUTHOR: Viktor Lindström
#COMMENTS: List directories where ADobject (or local) has explicit ACL.

function get-diracl {
<#
.SYNOPSIS
Gets AD-objects explicit ACL on directories

.DESCRIPTION
Gets AD-objects explicit ACL on directory specified in parameter and all the sub-directories.

.PARAMETER path
Specifies which directory to lookup

.PARAMETER adobject
Specifies which ad-object to use

.EXAMPLE
C:\ps>get-diracl -path h: -adobject huddinge\sonmat
This command gets disk H: and all sub-directories and lists all directories where user huddinge\sonmat has explicit permissions and lists them in file "C:\temp\directories.txt"

.EXAMPLE
C:\ps>get-diracl -path \\srv-fil02\d$ -adobject "huddinge\BG testgrupp"
#>

param(
[string] $path,
[string] $adobject)

# All sub-directories below the given path
$directories = get-childitem -Recurse -directory -Path $path
$dirs = @()

# Keep the pspath of every directory whose ACL has an entry for the object
foreach ($directory in $directories)
{
$dirs += get-acl $directory.fullname | select * -ExpandProperty access | where-object {$_.IdentityReference -eq $adobject} | select pspath
}

# Strip the provider prefix; the "\" is doubled because -replace takes a regular expression
$dirsclean = $dirs.pspath -replace "Microsoft.PowerShell.Core\\FileSystem::", ""
$dirsclean >C:\temp\directories.txt
}
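
The function above matches every access rule whose IdentityReference equals the object, including rules a directory inherits from its parent. The following added example (not the author's script) reports only rules where IsInherited is false, includes the root directory, and skips directories whose ACL cannot be read. The function name, parameter names and the sample path and group in the usage comment are assumptions made for illustration.

```powershell
# Added example, not part of the original script. Names and sample values are hypothetical.
function Get-ExplicitDirAce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,      # root directory to scan
        [Parameter(Mandatory)] [string] $Identity   # e.g. 'DOMAIN\Group'
    )

    # Escape the provider prefix so -replace treats "\" and "." literally.
    $prefix = [regex]::Escape('Microsoft.PowerShell.Core\FileSystem::')

    # Include the root itself, then every sub-directory below it.
    $dirs = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -ErrorAction SilentlyContinue)

    foreach ($dir in $dirs) {
        # Directories the caller cannot read are reported as warnings and skipped.
        $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction SilentlyContinue -ErrorVariable aclErr
        if ($aclErr) { Write-Warning "Could not read ACL: $($dir.FullName)"; continue }

        # Keep only rules set directly on this directory for the requested identity.
        $acl.Access |
            Where-Object { $_.IdentityReference.Value -eq $Identity -and -not $_.IsInherited } |
            ForEach-Object {
                [pscustomobject]@{
                    Directory = $acl.PSPath -replace "^$prefix", ''
                    Identity  = $_.IdentityReference.Value
                    Rights    = $_.FileSystemRights
                    Type      = $_.AccessControlType
                }
            }
    }
}

# Usage (constructed values):
# Get-ExplicitDirAce -Path 'D:\Shares' -Identity 'CONTOSO\Sales' |
#     Export-Csv -Path 'C:\temp\directories.csv' -NoTypeInformation
```

Because the function emits objects instead of writing a file, the same output can be reviewed on screen or piped to Export-Csv for the user.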