List of Users with DSACL elements that Contains "Deny"

Hello I could really use help from the users.
I need to convert a pipeline command to an actual powershell script

My pipeline

Get-ADUser UserName | ForEach { DSACLS $_.DistinguishedName } | Where {$_.Contains("Deny")}

What I need is a script that will result in a CSV file with the information of EVERY user that has passes the WHERE clause.

Could really use help on this.



You don’t need a script to do what you want. Just add the the pipeline a Get-ADUser in case you get the samaccountname back from the where. After that use an Export-Csv.

You don’t need DSACL for this. PowerShell can do it.

(get-acl (Get-ADOrganizationalUnit -filter *).distinguishedname).access | ? {$ _.accessControlType –eq "Deny"} | Export-csv C:\denied.csv -notypeinformation

Rick –
This pipeline did not work at all

get-acl : Cannot find path 'OU=Microsoft Exchange Security Groups,DC=prog1s,DC=com' because it does not exist.
At line:1 char:2
+ (get-acl (Get-ADOrganizationalUnit -filter *).distinguishedname).access | ? {$ _ ...
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (:) [Get-Acl], ItemNotFoundException
    + FullyQualifiedErrorId : GetAcl_PathNotFound_Exception,Microsoft.PowerShell.Commands.GetAclCommand

Sorry, as I said I didn’t get a chance to test it. I changed it up a bit and tested the code below and it’s working for me.

Get-ADOrganizationalUnit -Filter * | % {(Get-ACL "AD:$($_.distinguishedname)").access} | ? {$ _.accessControlType –eq "Deny"} | | Export-csv C:\denied.csv -notypeinformation