Get-ADObjectPermission
SYNOPSIS
Retrieves permissions for an Active Directory object.
SYNTAX
Get-ADObjectPermission [[-Identity] <String>] [[-Permittee] <String[]>] [[-IsInherited] <Boolean>]
[<CommonParameters>]
DESCRIPTION
The `Get-ADObjectPermission` function retrieves permissions for a specified Active Directory object. It supports filtering by permittee and inheritance status and provides detailed information about access control entries.
EXAMPLES
EXAMPLE 1
Retrieves permissions for the specified Active Directory organizational unit.
EXAMPLE 2
Retrieves permissions for the specified organizational unit filtered by the "Domain Admins" group.
EXAMPLE 3
Retrieves non-inherited permissions for the specified organizational unit.
PARAMETERS
-Identity
The identity of the Active Directory object (e.g., DistinguishedName, OrganizationalUnit, or UserPrincipalName).
Type: String
Parameter Sets: (All)
Aliases: DN, DistinguishedName, OU, OrganizationalUnit, sAMAccountName, UserPrincipalName, UPN
Required: False
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-Permittee
A list of specific identities (e.g., users or groups) to filter the permissions by.
Type: String[]
Parameter Sets: (All)
Aliases: IdentityReference
Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-IsInherited
A boolean parameter to filter permissions based on whether they are inherited.
Type: Boolean
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.