You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
In the template CSV, I found several ACE with the same information. For example for adminsdholder : BUILTIN\Pre-Windows 2000 Compatible Access has the same permission (Generic Read - All)
I get the same information with get-ACL.
Any idea why many ACE are duplicated with Get-ACL (and in the templates too, but I suppose is is related to Get-ACL output command used to generate your templates).
Thanks
The text was updated successfully, but these errors were encountered:
Short answer: The ACE's set at initial build of Active Directory is set in the wrong manner.
When the Active Directory is built these ACE's is set from an LDF-file. When this is done it bypasses the normal SetEntriesACL function, which would have done filtering and merging of incorrect/duplicate ACE's.
The first "edit" of the ACL will trigger the SetEntriesACL function and it will correct incorrect ACE's (if it can) and you will see a different ACL even though you just add a new entry.
The CSV file is a export of a pristine installation that's way it has the same duplicate, but since the "get" function does not understand some of the incorrect ACE's it will export a modified version of them.
Hello,
In the template CSV, I found several ACE with the same information. For example for adminsdholder : BUILTIN\Pre-Windows 2000 Compatible Access has the same permission (Generic Read - All)
I get the same information with get-ACL.
Any idea why many ACE are duplicated with Get-ACL (and in the templates too, but I suppose is is related to Get-ACL output command used to generate your templates).
Thanks
The text was updated successfully, but these errors were encountered: