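# Settings and folder discovery for the permissions report.
# The get-ad* cmdlets used by this script come from the ActiveDirectory module.

# Parent folder to check permissions on
$foldertosearch = "c:\temp\kamal";
# Where to save the results. Rows are appended to this file, so remove or
# rename an existing file before a fresh run; otherwise results from earlier
# runs stay mixed in with the new ones.
$exportfile = "c:\temp\kamal\permissions.csv"
# Delimiter used in the output file - DO NOT use a comma (combined rights
# values such as "Modify, Synchronize" contain commas themselves)
$exportdelimiter = "^";
# Get the parent folder and all sub-folder paths. get-childitem -recurse
# returns files as well, so keep containers only; the report is per folder.
# NOTE: hidden and system folders are not returned unless -force is added,
# so they are absent from the report as written.
$parentfolder = @(get-item $foldertosearch);
$subfolders = @(get-childitem $foldertosearch -recurse | where-object { $_.psiscontainer });
$allfolders = $parentfolder + $subfolders;
# Wildcard matching identities of this domain ("NAME\account"). The backslash
# is part of the pattern so that a domain called CORP does not also match
# identities from a domain called CORP2, which would then be looked up in the
# wrong directory and attributed to the wrong account.
$domainwildcard = (get-addomain).netbiosname + "\*";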
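# Recursive function to find groups and sub groups.
#   $groupname  - account name of the group to expand
#   $foldername - path of the folder the permission was found on
#   $rights     - rights granted by that permission
#   $ancestors  - groups already being expanded on this branch; used only by
#                 the recursion, callers leave it out
# Appends one delimited row (folder, rights, group, member name) per user
# member to $script:exportfile. Members that are neither users nor groups
# (for example computer accounts) are not reported.
function get-subgroups ($groupname, $foldername, $rights, $ancestors = @()) {
    # Group nesting can be circular (A contains B, B contains A). Stop when
    # this group is already being expanded further up the call chain,
    # otherwise the recursion never ends.
    if ($ancestors -contains $groupname) {
        return;
    }
    $chain = @($ancestors) + $groupname;
    # Get all members of the group
    $members = get-adgroup $groupname | get-adgroupmember;
    # Loop through each member
    foreach ($member in $members) {
        # If a sub-group is found, recurse
        if ($member.objectclass -eq "group") {
            get-subgroups $member.samaccountname $foldername $rights $chain;
        }
        # If a user is found, export results
        if ($member.objectclass -eq "user") {
            # Use the values passed in, not the caller's $folder and
            # $permission loop variables, so the row always describes the
            # permission this call was made for.
            $output = ($foldername, $rights, $groupname, $member.name) -join $script:exportdelimiter;
            $output >> $script:exportfile;
        }
    }
}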
# Walk every collected folder and report each domain identity on its ACL.
# Reading the report: a row does not say whether the entry is Allow or Deny,
# nor whether it is inherited, and identities that do not match the domain
# wildcard (local or BUILTIN principals, for example) are left out.
# NOTE: $folder and $permission are visible to functions called from inside
# this loop (dynamic scoping); renaming them can break a callee that reads them.
foreach ($folder in $allfolders) {
    $descriptors = get-acl $folder.fullname;
    foreach ($descriptor in $descriptors) {
        foreach ($permission in $descriptor.access) {
            # Skip anything that is not an identity of this domain
            if ($permission.identityreference -notlike $domainwildcard) {
                continue;
            }
            # Keep only the account part of "DOMAIN\account"
            $identity = ($permission.identityreference -split "\\")[1];
            # The single quotes are deliberate: $identity is resolved by the
            # AD filter parser instead of being pasted into the filter text.
            $directoryobject = get-adobject -filter 'SamAccountName -eq $identity';
            $kind = $directoryobject.objectclass;
            # A group is expanded into its user members
            if ($kind -eq "group") {
                get-subgroups $identity $folder.fullname $permission.filesystemrights;
            }
            # A user named directly on the ACL is written out as is
            if ($kind -eq "user") {
                $row = ($folder.fullname, $permission.filesystemrights, "Direct Assignment", $identity) -join $exportdelimiter;
                $row >> $exportfile;
            }
        }
    }
}