Recently we where moving folder and shares from one server to another. We need to confirm that the folder and permissions were the same on both the old and new share.
To do this I used PowerShell to export the pre and post move permissions and compare the results.
Below is the full script I will be using two commands to get most of the information
Get-ChildItem and Get-Acl. The three parts that would need to be updated are the export path, search path and the export file name.
## Export Path$ExportPath = “C:\temp\Export”## Search Path$Search = “\\lab-host01\sources”## Results variable$results = @()## Get Folders$Folders = Get-ChildItem -Path $Search | Select-Object Name,FullName,LastWriteTime,Lengthforeach ($Folder in $Folders){$size = ((Get-ChildItem -Path $Folder.FullName -Recurse | Measure-Object -Property Length -Sum -ErrorAction SilentlyContinue).Sum / 1MB)## Get access control list$Acls = Get-Acl -Path $Folder.FullName -ErrorAction SilentlyContinue## Loop through ACLforeach ($Acl in $Acls.Access) {if ($Acl.IdentityReference -notlike “BUILTIN\Administrators” -and $Acl.IdentityReference -notlike “CREATOR OWNER” -and$Acl.IdentityReference -notlike “NT AUTHORITY\SYSTEM” -and $Acl.FileSystemRights -notlike “-*” -and $Acl.FileSystemRights -notlike “268435456”`-and $Acl.IdentityReference -notlike “S-1-*”){## formate properties for result hash table$properties = @{FolderName = $Folder.NameFolderPath = $Folder.FullNameIdentityReference = $Acl.IdentityReference.ToString()Size = [math]::Round($size,2)Permissions = $Acl.FileSystemRightsAccessControlType = $Acl.AccessControlType.ToString()IsInherited = $Acl.IsInherited}$results += New-Object psobject -Property $properties}}}## Export results$results | Select-Object FolderName,FolderPath,IdentityReference,Size,Permissions,AccessControlType,IsInherited |Export-Csv -Path $ExportPath\Pre_Permission.csv -Append -NoTypeInformation
I ran the script and changed the exported csv name to pre and post to be used to compare.
Below is what the export should look like.
Once the pre and post export are done we can use compare-object to find any differences. Below is the script I used.
Just need to update the import-csv paths, I was moving to a share that would have the FQDN so if that is not the case you can removed the FolderPath from the compare-Object property otherwise all result will not match.
$PreCIFSCheck = Import-Csv -Path “D:\Scripts\Folder_Permissions\Export\Pre_Permission.csv”$PostCIFSCheck = Import-Csv -Path “D:\Scripts\Folder_Permissions\Export\Post_Permission.csv”$comparePermssions = Compare-Object $PreCIFSCheck $PostCIFSCheck -Property FolderName,FolderPath,IdentityReference,Permissions,AccessControlTypeif ($comparePermssions){Foreach ($Folder in $comparePermssions){Write-Warning “Permssion missing from $($Folder.FolderName)”$Folder | Export-Csv -Path “D:\Scripts\Folder_Permissions\Export\Compare_Results.csv” -NoTypeInformation -Append}}
Below is the export results showing the difference between the pre and post move 
