Export folder permission using PowerShell

Recently we where moving folder and shares from one server to another. We need to confirm that the folder and permissions were the same on both the old and new share.

To do this I used PowerShell to export the pre and post move permissions and compare the results.

Below is the full script I will be using two commands to get most of the information

Get-ChildItem and Get-Acl.  The three parts that would need to be updated are the export path, search path and the export file name.

## Export Path
$ExportPath = “C:\temp\Export”
## Search Path
$Search = “\\lab-host01\sources”
## Results variable
$results = @()
## Get Folders
$Folders = Get-ChildItem -Path $Search |  Select-Object Name,FullName,LastWriteTime,Length
foreach ($Folder in $Folders){
$size = ((Get-ChildItem -Path $Folder.FullName -Recurse | Measure-Object -Property Length -Sum -ErrorAction SilentlyContinue).Sum / 1MB)
## Get access control list
$Acls = Get-Acl -Path $Folder.FullName -ErrorAction SilentlyContinue
## Loop through ACL
foreach ($Acl in $Acls.Access) {
if ($Acl.IdentityReference -notlike “BUILTIN\Administrators” -and $Acl.IdentityReference -notlike “CREATOR OWNER” -and
$Acl.IdentityReference -notlike “NT AUTHORITY\SYSTEM” -and $Acl.FileSystemRights -notlike “-*” -and  $Acl.FileSystemRights -notlike “268435456”`
-and $Acl.IdentityReference -notlike “S-1-*”){
## formate properties for result hash table
$properties = @{
FolderName = $Folder.Name
FolderPath = $Folder.FullName
IdentityReference = $Acl.IdentityReference.ToString()
Size = [math]::Round($size,2)
Permissions = $Acl.FileSystemRights
AccessControlType = $Acl.AccessControlType.ToString()
IsInherited = $Acl.IsInherited
$results += New-Object psobject -Property $properties
## Export results
$results | Select-Object FolderName,FolderPath,IdentityReference,Size,Permissions,AccessControlType,IsInherited |
Export-Csv -Path $ExportPath\Pre_Permission.csv -Append -NoTypeInformation
I ran the script and changed the exported csv name to pre and post to be used to compare.
Below is what the export should look like.
Once the pre and post export are done we can use compare-object to find any differences. Below is the script I used.
Just need to update the import-csv paths, I was moving to a share that would have the FQDN so if that is not the case you can removed the FolderPath from the compare-Object property otherwise all result will not match.
$PreCIFSCheck = Import-Csv -Path “D:\Scripts\Folder_Permissions\Export\Pre_Permission.csv”
$PostCIFSCheck = Import-Csv -Path  “D:\Scripts\Folder_Permissions\Export\Post_Permission.csv”
$comparePermssions = Compare-Object $PreCIFSCheck $PostCIFSCheck -Property FolderName,FolderPath,IdentityReference,Permissions,AccessControlType
if ($comparePermssions){
Foreach ($Folder in $comparePermssions){
Write-Warning “Permssion missing from $($Folder.FolderName)”
$Folder | Export-Csv -Path “D:\Scripts\Folder_Permissions\Export\Compare_Results.csv” -NoTypeInformation -Append
Below is the export results showing the difference between the pre and post move Per6