Active Directory: Identify Delegated Permissions for AD Organizational Units

Scenario: You want to pull a report of all permissions that have been explicitly delegated on AD Organizational Units (that is, the ACEs set directly on each OU, not the ones inherited from a parent).

Scriptlet:

Import-Module ActiveDirectory   # provides Get-ADOrganizationalUnit and the AD: drive used by Get-Acl

$sourceOU = "OU=NEW,DC=Domain,DC=Com"
# Sort by DN length so parent OUs are processed before their children
$OUs = Get-ADOrganizationalUnit -SearchBase $sourceOU -Filter * |
    Select-Object -ExpandProperty DistinguishedName |
    Sort-Object { $_.Length }
$output = "C:\temp\ace.csv"
$OUs | ForEach-Object {
    $ou = "AD:\" + $_
    "Checking $ou"
    $acl = Get-Acl -Path $ou
    # Keep only explicit ACEs; inherited ones were set on a parent, not delegated on this OU
    $ace = $acl.Access | Where-Object IsInherited -eq $false
    $ace | Select-Object @{Name="OU"; Expression={ $ou }}, ActiveDirectoryRights, InheritanceType, ObjectType, InheritedObjectType, ObjectFlags, AccessControlType, IdentityReference, IsInherited, InheritanceFlags, PropagationFlags |
        Export-Csv -Path $output -Append -NoTypeInformation
}
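As an added example (not part of the original post), the same OU walk with two enrichments a reviewer of such a report usually wants: the ObjectType and InheritedObjectType GUIDs are resolved to schema attribute and extended-right names, and the trustees every OU carries by default are filtered out so only non-standard delegations remain. It assumes the AD: drive provided by the ActiveDirectory module; the default-trustee pattern, the function names and the output path are assumptions.

```powershell
Import-Module ActiveDirectory

# Map schema attribute/class GUIDs and extended-right GUIDs to readable names.
# Without this, ObjectType in the report is an opaque GUID.
$rootDse = Get-ADRootDSE
$guidMap = @{}
Get-ADObject -SearchBase $rootDse.schemaNamingContext -LDAPFilter '(schemaIDGUID=*)' `
    -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $guidMap[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }
Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
    -LDAPFilter '(objectClass=controlAccessRight)' -Properties displayName, rightsGuid |
    ForEach-Object { $guidMap[[guid]$_.rightsGuid] = $_.displayName }

function Resolve-AceGuid {
    param([guid]$Guid)
    # The empty GUID means the ACE applies to the whole object, not one property or right.
    if ($Guid -eq [guid]::Empty) { return 'All' }
    if ($guidMap.ContainsKey($Guid)) { return $guidMap[$Guid] }
    return $Guid.ToString()
}

# Trustees that hold rights on every OU by default (assumed baseline; tune it for your forest).
$defaultTrustee = '^(NT AUTHORITY|BUILTIN)\\|^Everyone$|\\(Domain Admins|Enterprise Admins)$'

function Get-DelegatedOuAce {
    param([Parameter(Mandatory)][string]$SearchBase)
    Get-ADOrganizationalUnit -SearchBase $SearchBase -Filter * | ForEach-Object {
        $dn = $_.DistinguishedName
        (Get-Acl -Path "AD:\$dn").Access |
            Where-Object { -not $_.IsInherited -and $_.IdentityReference.Value -notmatch $defaultTrustee } |
            ForEach-Object {
                [pscustomobject]@{
                    OU          = $dn
                    Trustee     = $_.IdentityReference.Value
                    Type        = $_.AccessControlType
                    Rights      = $_.ActiveDirectoryRights
                    AppliesTo   = Resolve-AceGuid $_.ObjectType            # attribute or extended right
                    ForObjects  = Resolve-AceGuid $_.InheritedObjectType   # object class the ACE is scoped to
                    Inheritance = $_.InheritanceType
                }
            }
    }
}

# Example run (constructed OU path): explicit, non-default ACEs under OU=NEW, ready for review.
Get-DelegatedOuAce -SearchBase 'OU=NEW,DC=Domain,DC=Com' |
    Export-Csv -Path 'C:\temp\delegations.csv' -NoTypeInformation
```

Trustees that no longer resolve appear as raw SIDs (S-1-5-...) and are deliberately kept, since orphaned ACEs are worth cleaning up.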
