I am working on a powershell script that will be removing NTFS permissions to many folders at once via a csv that has the users for that folder.
I am running into an issue with the last part which is the $variable.removeaccessrule($accessrule). I am getting the following error when testing the script:
Exception calling “RemoveAccessRule” with “1” argument(s): “Some or all identity references could not be translated.”
At C:\scripts\Remove_explicit_Full Control_use.ps1:13 char:2
- $acl.RemoveAccessRule($AccessRule)
-
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : IdentityNotMappedException
Here is the script I am working with:
$sprdsheetdir = "C:\scripts\exports\ftproot2" #directory where users csv resides
$folderdir = "C:\scripts\Testing" #directory where folders needing perm change
$sheets = get-childitem $sprdsheetdir
$folderdirs = get-childitem $folderdir
foreach($sheet in $sheets)
{
$test = import-csv “C:\scripts\exports\ftproot2$sheet”
$acluser = $test.IdentityReference
$acl = foreach($folder in $folderdirs){get-acl -path “C:\scripts\Testing$folder”}
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($acluser,“FullControl”,“ContainerInherit,ObjectInherit”,“None”,“Allow”)
$acl.RemoveAccessRule($AccessRule)
$acl | set-acl -Path “C:\scripts\Testing$folder”
}
After I have run the script and get the above error. I check to see what is stored in the $AccessRule variable and I get the following:
FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : domain\user1 domain\user2 domain\user3 domain\user4 domain\user5
IsInherited : False
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None
which is what I am expecting. I have a script that does reference a .csv and is able to remove the users, but it is only for one folder. I have close to 200 in this one directory I need to remove explicit permissions and doing it one at a time is not really optimal.
I am sure the script could be written cleaner, but, it is working up to this one point. I would greatly appreciate any and all input on what I am missing or need to alter to get this to work.
