Using compare-object to check ACLs on two sets of folders

In preparation of moving away from Win 2003, I've been asked to compare ACLs on two servers with identical directory structures. I came up with the following:

function Compare-ACLs {
    Param(
        [string]$Path1 = "Path1",
        [string]$Path2 = "Path2"
        )

        $folders_path1 = gci -Directory $Path1 -Force | get-acl
        $folders_path2 = gci -Directory $Path2 -force | get-acl
        compare-object $folders_path1 $folders_path2 -IncludeEqual
                    }

However, when I run it I get an output that is giving me the object type:

InputObject                                                                                          SideIndicator                                                                                       
-----------                                                                                          -------------                                                                                       
System.Security.AccessControl.DirectorySecurity                                                      ==                                                                                                  
System.Security.AccessControl.DirectorySecurity                                                      ==                                                                                                  
System.Security.AccessControl.DirectorySecurity                                                      ==                                                                                                  
System.Security.AccessControl.DirectorySecurity                                                      ==                                                                                                  
System.Security.AccessControl.DirectorySecurity                                                      ==                                                                                                  
System.Security.AccessControl.DirectorySecurity                                                      ==

Is there a way for me to show the folder of the InputObject, or is that impossible given get-ACLs limitations?

Than

March 31st, 2015 11:04am

Hi Zarberg,

If you want to compare the ACL after copy folder, please refer to the script, please note these two folders needs identical directory structures, and also specify the properties in the "Compare-Object" cmdlet:

$Path = "d:\test1"
$replace="d:\test2\test1"
gci -Directory $Path -Force|foreach{
$path1=$_.fullname
$path2=$path1 -replace $path, $replace
$folder1ACLs=get-acl(get-item $path1)
$folder2ACLs=get-acl(get-item $path2)
compare-object $($folder1ACLs.access) $($folder2ACLs.access) -property FileSystemRights,IdentityReference,InheritanceFlags,PropagationFlags -IncludeEqual -PassThru | select FileSystemRights,IdentityReference,InheritanceFlags,PropagationFlags,@{N="fullname";E={$path1}}
}

If there is anything else regarding this issue, please feel free to post back.

If you have any feedback on our support, please click here.

Best Regards,

Anna Wang

TechNet Community Support

Free Windows Admin Tool Kit Click here and download it now
March 31st, 2015 11:11pm

Hi Zarberg,

Im writing to just check in to see if the suggestions were helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up.

If you have any feedback on our support, please click here.

Best Regards,

Anna Wang

April 8th, 2015 2:11am
Not helpful, actually. I wasn't looking to copy anything, just compare the ACLs of two existing identical folder structures on two different servers.
Free Windows Admin Tool Kit Click here and download it now
April 8th, 2015 9:17am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics