Recently we where moving folder and shares from one server to another. We need to confirm that the folder and permissions were the same on both the old and new share.
To do this I used PowerShell to export the pre and post move permissions and compare the results.
The two commands to get most of the information will be Get-ChildItem and Get-Acl. The only part of the scripts that will need to be changed is the the export file name to give it a custom name.
Below is the link to the script I will be using.
https://github.com/TheSleepyAdmin/Scripts/tree/master/General/Folder%20Permission
To run the script there will be two mandatory parameters and the command should look like the below. (If you want to look up all subfolders also then just change line 14 and add -Recurse to Get-ChildItem command)
.\Get-FolderPermissions.ps1 -FolderPath \\lab-host01\sources -ExportPath D:\Scripts\Folder_Permissions\Export
TheSleepyAdmins 
Thankyou for a great script, saved me and others a lot of time!
One question: Can we get this script to show subfolders also? it currently displays the folders under ‘Sources’ but not the subfolders of those folders 🙂 i hope that makes sense
Thanks again
LikeLike
Hi PB1882
yep you can just add -Recurse to the Get-ChildItem
so should just need to update this line from
$Folders = Get-ChildItem -Path $Search | Select-Object Name,FullName,LastWriteTime,Length
to this to get only folders and sub folders with no files.
$Folders = Get-ChildItem -Path $Search -Recurse -Directory | Select-Object Name,FullName,LastWriteTime,Length
LikeLike
should be
$Folders = Get-ChildItem -Path $folderpath $Search -Recurse -Directory | Select-Object Name,FullName,LastWriteTime,Length
LikeLike
yep should be $folderpath not $search in the script, this was just a example of adding the -Recurse parameter.
LikeLike
Works great, thank you!
LikeLike
No problem glad it helped.
LikeLike
So quick question about the script… The script is set for “Get-ChildItem”, which gives all items under the actual rootpath I am looking for. When I use \\SERVERNAME\SHARE as my pointer, it doesn’t give me any information on the actual root share, just the information below it. If I change it to “Get-Item”, then it brings up an issue with the “-Directory” parameter, -Recurse parameter, etc.
How do you suggest changing the script to include the \\SERVERNAME\SHARE root, as well as the Recursed directories?
Other than that, GREAT script!
LikeLike
Hi Chuck
There is no recurse parameter with Get-Item it usually only used for checking item at the root level and Get-ChildItem is used for to do rescusive lookup.
I thought of a quick workaround there is probable a much better way like doing if statements but I can’t think of how to get it working right now :). So you can just added two new lines to the script
One to get the Item properties I would add this above the Get-ChildItem part (its line 14 on visual studio code for me)
$rootfolder = Get-Item -Path $FolderPath | Select-Object Name,FullName,LastWriteTime,Length
and then combine the two variables by using
$Folders += $rootfolder
Do this before the foreach loop (so around line 20)
I think that should work ok.
LikeLike
Hi TheSleepyAdmin,
Thanks for the script, it works well, is there any way we can add file name and type or extension to export report?
LikeLike
Hi Erkindunya
The script was written for folders not really files. I would need to rewrite it to get files.
LikeLike
Hello , first of all is a great script, excellent job. I want to ask if can add to the script 2 function: 1) Reading and showing UTF-8 characters and 2) If it can export to excel file.
Thank you very much
LikeLike
Hi
For the export to excel it’s a bit difficult to add to the script and I would usually use the export to module from the below link.
https://github.com/dfinke/ImportExcel
Then just import the module at the start of the script and change the last line of the script from Export-csv to Export-Excel. On the UTF-8 I think get-childitem should show UTF-8 Characters but i have never had any need for it so not sure.
LikeLike
hi there,
I am still learning powershell.
I run the script, add the folder path and export path as well but couldnt get the report.
Do i have to modify anything ?
LikeLike
Hi
Are you getting any error. The script requires a folder to check and a export path.
LikeLike
Thanks for the post, saved me a lot of time !!
For those who might need it, I made some improvements like recurse searching with choosable depth, printing AD members, and exporting to excel file with importexcel. I posted it there : https://github.com/ouiouiallez/export-acl
LikeLike
No problem glad it helped. Your update script looks good.
LikeLike
Its good, Just have one query, Its giving output of Group Name, I wanted to extract details by by AD ID and Fname & Lname, Can you please help
LikeLike
Hi Vicky
that info is not in the NFTS permission, so that would need a good bit more work to get that info as it would need to connect back to AD.
LikeLike
Thanks for your reply, event I am trying to get Same but still no luck
LikeLike