<#
.SYNOPSIS
    Grants a principal GenericAll (full control) on an AD CS certificate template object.
.DESCRIPTION
    Binds to the domain's configuration naming context, locates the template under
    CN=Certificate Templates,CN=Public Key Services,CN=Services, appends an Allow ACE
    for the given principal to the template's DACL and commits it.
    No credentials are passed, so the bind runs under the caller's identity;
    presumably the caller needs write-DACL rights on the template object — confirm.
    Review note: GenericAll lets the holder rewrite any attribute of the template,
    which is the template-ACL weakness commonly catalogued as ESC4. Write access to
    template objects should be limited to PKI administrators, and modifications to
    the Public Key Services container should be covered by directory-service-changes
    auditing so that ACL edits like this one are logged and reviewed.
#>
$templateName = "TemplateName" # Use CN, not display name
$principalName = "principal" # SAM account name of principal
# Find the certificate template
# RootDSE exposes configurationNamingContext, the partition that holds the templates.
$rootDSE = New-Object DirectoryServices.DirectoryEntry("LDAP://RootDSE")
# Bind by distinguished name. The [ADSI] accelerator typically binds lazily, so a
# wrong CN is not reported here but on the first property access further down.
$template = [ADSI]"LDAP://CN=$templateName,CN=Certificate Templates,CN=Public Key Services,CN=Services,$($rootDSE.configurationNamingContext)"
# Construct the ACE
# Resolve the SAM account name to a SID; Translate raises if the name cannot be mapped.
$account = New-Object System.Security.Principal.NTAccount($principalName)
$sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
# Three-argument constructor: no object-type GUID and no inheritance scope are
# specified, so this is a plain Allow GenericAll ACE on the template object itself.
$ace = New-Object DirectoryServices.ActiveDirectoryAccessRule(
$sid,
[System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
[System.Security.AccessControl.AccessControlType]::Allow
)
# Add the new ACE to the ACL
# AddAccessRule only updates the in-memory security descriptor; the directory is
# not modified until CommitChanges writes the entry back.
$acl = $template.psbase.ObjectSecurity
$acl.AddAccessRule($ace)
$template.psbase.CommitChanges()