Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Script for setting the ACEs for access groups.

Infonote

In order to reduce the size of the ACL, only set an ACE for groups where that access type has been requested.
For example, if there is a request to read an attribute, but no request to write it as well, only set the ACE for the appropriate -A group. Do not set an ACE for the -C group as well if write access is not requested.

NameAdd-Attribute-ACE.ps1
Location\\aad-share-p01.austin.utexas.edu\Shares\Scripts\Permissions
Variables

$ad_container - String containing the FQDN of the container to be updated

For user attributes, this will be "OU=People,DC=austin,DC=utexas,DC=edu" in AUSTIN

$ad_group - String containing the name of the attribute group

Example: AUSTIN-User-Single1-A, AUSTIN-User-Single1-B, AUSTIN-User-Single1-C

$ad_write_ace - Boolean containing the state of the script (write the ACE or not)

This variable must be True in order to write the ACE.

You must set the variable on each run of the script in order to have it write the ACE. It is set to False at the end of the script.