bob

Reputation: 611

PowerShell Get-Acl Owner Reference

Is there a way to get the actual IdentityReference of the owner of a directory using PowerShell instead of the resolved string version?

The problem is that I want to run a script from domain A to check/fix ownership issues for a file server in domain B. We are in the middle of a migration, so the SIDs from B have been added to the sidHistory of A. So my code includes something like:

$acl = Get-Acl -Path $path
$owner = $acl.Owner

When I run this from domain A, $owner = domain_a\user.
But when I run it from domain B, $owner = domain_b\user.

It appears that the Get-Acl function is getting the IdentityReference, converting it to a string on the client, and then throwing away the raw data so I have no way of knowing who the actual owner is.

It is possible to run this on a machine in domain B and get the correct results but this doesn't seem like it should be necessary. Am I missing something?

Thanks

Upvotes: 3

Views: 7180

Answers (2)

mmccar

Reputation: 11

Had to make a slight modification, as the 'G' from the primary group, which follows the owner in the SDDL string, was being captured by the regex group:

$owner = $acl.sddl -replace 'o:(.+?)G:.+','$1'

Upvotes: 1

mjolinor

Reputation: 68341

You can parse it out of the SDDL string:

$acl = Get-Acl -Path $path
$owner = $acl.sddl -replace 'o:(.+?):.+','$1'
$owner

Upvotes: 4
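
An alternative to regex extraction, added here as an example and not part of either answer: `GetOwner()` on the ACL object accepts a target type, and `RawSecurityDescriptor` parses an SDDL string into its components, so both return the owner as a `SecurityIdentifier` without client-side name translation. The function names, the domain SIDs and the sample SDDL strings are constructed for illustration.

```powershell
# Added example, not from the original thread.

# Ask the ACL object for the owner as a raw SID rather than a translated name.
function Get-OwnerSid {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    return $acl.GetOwner([System.Security.Principal.SecurityIdentifier])
}

# Parse the owner out of an SDDL string without a regex. The parser handles
# a missing G: component and aliases such as BA, which a pattern may not.
function Get-OwnerSidFromSddl {
    param([Parameter(Mandatory)][string]$Sddl)
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl
    return $sd.Owner
}

# Hypothetical domain SIDs for the two domains in the question (constructed).
$domainSids = @{
    'S-1-5-21-1111111111-2222222222-3333333333' = 'domain_a'
    'S-1-5-21-4444444444-5555555555-6666666666' = 'domain_b'
}

# Constructed SDDL samples: owner in domain B, a built-in alias, and no G: part.
$samples = @(
    'O:S-1-5-21-4444444444-5555555555-6666666666-1104G:SYD:(A;;FA;;;BA)',
    'O:BAG:SYD:(A;;FA;;;SY)',
    'O:S-1-5-21-1111111111-2222222222-3333333333-1150D:(A;;FA;;;BA)'
)

foreach ($sddl in $samples) {
    $sid = Get-OwnerSidFromSddl -Sddl $sddl
    # AccountDomainSid is $null for well-known SIDs such as BUILTIN\Administrators.
    $domain = if ($sid.AccountDomainSid) {
        $domainSids[$sid.AccountDomainSid.Value]
    } else {
        'builtin/well-known'
    }
    [pscustomobject]@{ OwnerSid = $sid.Value; Domain = $domain }
}

# The same lookup against the live filesystem.
(Get-OwnerSid -Path $env:TEMP).Value
```

Comparing the domain portion of the owner SID against known domain SIDs shows which domain actually owns the object, regardless of which domain the script runs from.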
