How to set and modify folder permissions in Active Directory?
Read on to know how to modify file/folder permissions and ACL in Active Directory using PowerShell and how you can get it done easily with ADManager Plus.
- Identify the domain in which the folder whose permissions are to be modified is located.
- Create and compile the script for modifying the folder access permisisons for the AD account. Execute the script in PowerShell.
- Sample script for modifying NTFS permissions of an AD account:
Click to copy entire script
$acllist = Get-Acl \\fs1\shared\sales
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("Sales\Ashley","FullControl","Allow")
$acllist | Set-Acl \\ft2\shared\sales
- Navigate to Management > File Server Management > Modify NTFS Permissions.
- Select the Domain,Folders, User Accounts you wish to modify, Type of Permissions and inheritance. Click Apply.
» Start 30-day Free Trial
Although modifying NTFS permissions for AD accounts with native tools like PowerShell looks simple, it comes with a few limitations:
- The PowerShell script can be run only from the computers which have the Active Directory Domain Services role installed in them.
- Need for a new script, in case NTFS permissions for multiple accounts are needed.
- The syntax, parameters and iterations need to be correct. A typo or incorrect syntax might be difficult to spot and rectify, especially when the script is a long one.
- Cannot delegate the modification of permissions for folder and AD accounts or other AD management tasks to help desk technicians.
ADManager Plus lets you perform the same with a few clicks from its web-based GUI console. It also has options for viewing the access control lists for folders with it's pre-built reports with on-the-fly management that lets you modify the permissions right from the report. You can learn more about it here.
Gain complete control over NTFS permissions and file shares with purpose-built reports.
Get 30-day free trial.