我計算出我的腳本中創建目錄名的所有部分,根據預定義的目錄創建目錄結構,根據附加到硬編碼名稱的項目編號創建AD組,然後將該組添加到特定目錄,並設置該組的ACL。PowerShell Set-Acl New-Object:無法找到「FileSystemAccessRule」的重載和參數計數:「4」
我似乎無法繞過錯誤:
New-Object : Cannot find an overload for "FileSystemAccessRule" and the argument count: "4".
下面是腳本:
$domain="DOMAIN"
$tldn="net"
[email protected]()
$pathArr+=$path1=Read-Host -Prompt "Enter first path"
$pathArr+=$path2=Read-Host -Prompt "Enter second path"
[int]$projectNumber=try { Read-Host -Prompt "Enter project number" } catch { Write-Host "Not a numeric value. Please try again."; exit }
[string]$mainFolder=[string]${projectNumber}+"_"+(Read-Host -Prompt "Please give the main folder name")
$projectNumberString=[string]$projectNumber
$projectName=Read-Host -Prompt "Please give the project name"
$fullProjectName="${projectNumberString}_${projectName}"
$pathArr+=$path3="$path1\$mainFolder"
$pathArr+=$path4="$path2\$mainFolder"
$pathArr+=$path5="$path3\$fullProjectName"
$pathArr+=$path6="$path4\$fullProjectName"
# Region: Create organizational units in Active Directory
# Names
$ouN1="XYZOU"
$ouN2="ABCOU"
# Paths
$ouP0="DC=$domain,DC=$tldn"
$ouP1="OU=$ouN1,$ouP0"
$ouP2="OU=$ouN2,$ouP1"
Write-Host "Checking for required origanization units..."
try
{
New-ADOrganizationalUnit -Name $ouN1 -Path $ouP1
New-ADOrganizationalUnit -Name $ouN2 -Path $ouP2
}
catch
{
Out-Null
}
Write-Host "Creating AD Group..."
[string]$group="BEST_${projectNumberString}"
$groupdomain="$domain\$group"
$ADGroupParams= @{
'Name' = "$group"
'SamAccountName' = "$group"
'GroupCategory' = "Security"
'GroupScope' = "Global"
'DisplayName' = "$group"
'Path' = "OU=MyBusinessOU,DC=$domain,DC=$tldn"
'Description' = "Test share"
}
$secgroup=New-ADGroup @ADGroupParams
# Region: Set permissions
Write-Host "Setting permissions..."
# get permissions
$acl = Get-Acl -Path $path6
# add a new permission
$InheritanceFlags=[System.Security.AccessControl.InheritanceFlags]」ContainerInherit, ObjectInherit」
$FileSystemAccessRights=[System.Security.AccessControl.FileSystemRights]"Traverse","Executefile","ListDirectory","ReadData", "ReadAttributes", "ReadExtendedAttributes","CreateFiles","WriteData", 'ContainerInherit, ObjectInherit', "CreateDirectories","AppendData", "WriteAttributes", "WriteExtendedAttributes", "DeleteSubdirectoriesAndFiles", "ReadPermissions"
$InheritanceFlags=[System.Security.AccessControl.InheritanceFlags]」ContainerInherit, ObjectInherit」
$PropagationFlags=[System.Security.AccessControl.PropagationFlags]」None」
$AccessControl=[System.Security.AccessControl.AccessControlType]」Allow」
$permission = "$groupdomain", "$InheritanceFlags", "$PropagationFlags", "$AccessControl"
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
$acl.SetAccessRule($rule)
# set new permissions
$acl | Set-Acl -Path $path6
同樣,我試圖在做什麼,我通常會做手工在Active Directory Windows環境
- 創建AD組
- 組添加到共享
- 設置權限的組
- 這個腳本不會將用戶添加到組
最後一個,也是最後一步是設置權限;不幸的是,當我運行該腳本時,更改語法或方法(以下是幾篇在線文章的示例),並花費了數小時的時間,但我只是沒有取得進展。唯一的進步是它不能超載的數字從18減少到4.
感謝您提前給予的幫助!
編輯
我修改每一個註釋腳本指出,我錯過了$FileSystemAccessRights
說法。
的$permission
變量改爲:
$permission = "$groupdomain", "$FileSystemAccessRights", "$InheritanceFlags", "$PropagationFlags", "$AccessControl"
我仍然得到這樣的輸出:
New-Object : Cannot convert argument "1", with value: "ExecuteFile Executefile ListDirectory ReadData ReadAttributes
ReadExtendedAttributes CreateFiles WriteData ContainerInherit, ObjectInherit CreateDirectories AppendData WriteAttributes
WriteExtendedAttributes DeleteSubdirectoriesAndFiles ReadPermissions", for "FileSystemAccessRule" to type
"System.Security.AccessControl.FileSystemRights": "Cannot convert value "ExecuteFile Executefile ListDirectory ReadData
ReadAttributes ReadExtendedAttributes CreateFiles WriteData ContainerInherit, ObjectInherit CreateDirectories AppendData
WriteAttributes WriteExtendedAttributes DeleteSubdirectoriesAndFiles ReadPermissions" to type
"System.Security.AccessControl.FileSystemRights". Error: "Unable to match the identifier name ExecuteFile Executefile ListDirectory
ReadData ReadAttributes ReadExtendedAttributes CreateFiles WriteData ContainerInherit, ObjectInherit CreateDirectories AppendData
WriteAttributes WriteExtendedAttributes DeleteSubdirectoriesAndFiles ReadPermissions to a valid enumerator name. Specify one of the
following enumerator names and try again: ListDirectory, ReadData, WriteData, CreateFiles, CreateDirectories, AppendData,
ReadExtendedAttributes, WriteExtendedAttributes, Traverse, ExecuteFile, DeleteSubdirectoriesAndFiles, ReadAttributes,
WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify, ChangePermissions, TakeOwnership, Synchronize,
FullControl""
編輯
我試圖從變量去掉引號,因爲它似乎每個變量都已經引用除了$groupdomain
,然後得到這個錯誤:
New-Object : Cannot convert argument "1", with value: "System.Object[]", for "FileSystemAccessRule" to type
"System.Security.AccessControl.FileSystemRights": "Cannot convert value
"ExecuteFile,Executefile,ListDirectory,ReadData,ReadAttributes,ReadExtendedAttributes,CreateFiles,WriteData,ContainerInherit,
ObjectInherit,CreateDirectories,AppendData,WriteAttributes,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles,ReadPermissions" to
type "System.Security.AccessControl.FileSystemRights". Error: "Unable to match the identifier name
ExecuteFile,Executefile,ListDirectory,ReadData,ReadAttributes,ReadExtendedAttributes,CreateFiles,WriteData,ContainerInherit,
ObjectInherit,CreateDirectories,AppendData,WriteAttributes,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles,ReadPermissions to a
valid enumerator name. Specify one of the following enumerator names and try again: ListDirectory, ReadData, WriteData,
CreateFiles, CreateDirectories, AppendData, ReadExtendedAttributes, WriteExtendedAttributes, Traverse, ExecuteFile,
DeleteSubdirectoriesAndFiles, ReadAttributes, WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify,
ChangePermissions, TakeOwnership, Synchronize, FullControl""
編輯
試了一下斯蒂芬建議的周圍,他整個新物體加上引號,然後得到這個錯誤:
Cannot convert argument "rule", with value: "New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList
WOLF\Elite_1035 Write, Read ContainerInherit, ObjectInherit None Allow", for "SetAccessRule" to type
"System.Security.AccessControl.FileSystemAccessRule": "Cannot convert the "New-Object -TypeName
System.Security.AccessControl.FileSystemAccessRule -ArgumentList WOLF\Elite_1035 Write, Read ContainerInherit, ObjectInherit None
Allow" value of type "System.String" to type "System.Security.AccessControl.FileSystemAccessRule"."
編輯
錯誤消失了,但我還是不'請參閱添加到$path6
的安全屬性的任何組。
我能夠也添加所有的權限,從理論上講,這樣做:
$FileSystemAccessRights=[System.Security.AccessControl.FileSystemRights]"Traverse,Executefile,ListDirectory,ReadData, ReadAttributes, ReadExtendedAttributes,CreateFiles,WriteData,CreateDirectories,AppendData,WriteAttributes,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles, ReadPermissions"
你嘗試封閉$許可括號,在新物體行?你也可以在整個New-Object子句中放置圓括號。 –
@StephenGTuggy我試過,然後更新我的問題。 – scriptkiddie