PshMike · October 4, 2021 18:24
diff --git a/Set-ADGroupACL.ps1 b/Set-ADGroupACL.ps1
 $GroupObject = Get-ADGroup 'MyGroupName'
 $NTPrincipal = Get-ADUser 'myUserName'

 if ($GroupObject -and $NTPrincipal) {

    $acl = Get-Acl "AD:$($GroupObject.distinguishedName)"

    $identity = [System.Security.Principal.IdentityReference] $NTPrincipal.SID

    $adRights = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty -bor [System.DirectoryServices.ActiveDirectoryRights]::WriteDacl

    $type = [System.Security.AccessControl.AccessControlType] "Allow"

    $inheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None

    $ACE = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $identity,$adRights,$type,$inheritanceType

    $acl.AddAccessRule($ace)
    Set-Acl -AclObject $acl -Path "AD:$($GroupObject.distinguishedName)"
 }
	$GroupObject = Get-ADGroup 'MyGroupName'
	$NTPrincipal = Get-ADUser 'myUserName'

	if ($GroupObject -and $NTPrincipal) {

	$acl = Get-Acl "AD:$($GroupObject.distinguishedName)"

	$identity = [System.Security.Principal.IdentityReference] $NTPrincipal.SID

	$adRights = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty -bor [System.DirectoryServices.ActiveDirectoryRights]::WriteDacl

	$type = [System.Security.AccessControl.AccessControlType] "Allow"

	$inheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None

	$ACE = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $identity,$adRights,$type,$inheritanceType

	$acl.AddAccessRule($ace)
	Set-Acl -AclObject $acl -Path "AD:$($GroupObject.distinguishedName)"
	}