Powershell 将安全权限添加到扩展权限guid_Powershell_Active Directory

Powershell 将安全权限添加到扩展权限guid

powershell active-directory

Powershell 将安全权限添加到扩展权限guid,powershell,active-directory,Powershell,Active Directory,多亏了@Mathias R.Jessen，我才走到了这一步。唯一的问题是权限没有传播到扩展属性，即使在advanced选项卡中也是如此：（如果我进入adsi并检查扩展权限的安全选项卡，它不会显示任何关于新组拥有权限的信息…但是…如果我检查变量$rootObjACL.access，它会显示应有的权限 ActiveDirectoryRights : ExtendedRight InheritanceType : None ObjectType : 1131f6aa

多亏了@Mathias R.Jessen，我才走到了这一步。唯一的问题是权限没有传播到扩展属性，即使在advanced选项卡中也是如此：（

如果我进入adsi并检查扩展权限的安全选项卡，它不会显示任何关于新组拥有权限的信息…但是…如果我检查变量$rootObjACL.access，它会显示应有的权限

ActiveDirectoryRights : ExtendedRight
InheritanceType       : None
ObjectType            : 1131f6aa-9c07-11d1-f79f-00c04fc2dcd2
InheritedObjectType   : 00000000-0000-0000-0000-000000000000
ObjectFlags           : ObjectAceTypePresent
AccessControlType     : Allow
IdentityReference     : NEW\Replication
IsInherited           : False
InheritanceFlags      : None
PropagationFlags      : None**

试图找出我做错了什么。运行脚本时没有任何错误。下面是脚本

Import-Module ActiveDirectory

$rootObjPath = "AD:\CN=Configuration,DC=new,DC=domain,DC=com"

$rootObjACL = Get-Acl $rootObjPath

$group = Get-ADgroup 'Replication'

$SID = New-Object System.Security.Principal.SecurityIdentifierArgumentList $group.SID

# The following object specific ACE is to grant Group the permission     DS-Replication-Get-Changes

$objectGuid = New-Object Guid 1131f6aa-9c07-11d1-f79f-00c04fc2dcd2

$ADRight = [System.DirectoryServices.ActiveDirectoryRights]"ExtendedRight"

$ACEType = [System.Security.AccessControl.AccessControlType]"Allow"

$ACE = New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $SID,$ADRight,$ACEType,$objectGuid

$rootObjACL.AddAccessRule($ACE)

Set-Acl $rootObjPath -AclObject $rootObjACL