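# Re-enables ACL inheritance on every AD user named (one identity per line) in
# c:\scripts\list.txt and prints one "SamAccountName|DistinguishedName|result"
# line per account.
#
# NOTE(review): inheritance is normally switched off on accounts stamped by
# AdminSDHolder/SDProp (adminCount = 1). Turning it back on lets permissions
# delegated on the parent OU apply to the account, and SDProp re-applies the
# protected ACL to accounts that are still members of a protected group.
# Review the input list before running and keep the output as a change record.
$users = Get-Content c:\scripts\list.txt
ForEach($userlist in $users)
{
    # Skip blank lines so they are never passed to Get-ADUser as an identity.
    $identity = "$userlist".Trim()
    if ($identity -eq "") { continue }

    # Reset per iteration: when the lookup fails, $user must not keep the
    # previous account, or that account would be processed and logged again.
    $user = $null
    try
    {
        $user = Get-ADUser $identity -Properties adminCount -ErrorAction Stop
    }
    catch
    {
        Write-Warning ($identity + "|lookup failed - skipped: " + $_.Exception.Message)
        continue
    }

    # Flag accounts still marked as protected so the operator can confirm the
    # change is intended; the change itself is still applied as before.
    if ($user.adminCount -eq 1)
    {
        Write-Warning ($user.SamAccountName + "|adminCount=1 - confirm this account no longer needs AdminSDHolder protection")
    }

    try
    {
        # Bind by the distinguished name explicitly rather than through the
        # ADUser object's implicit string conversion.
        $dn = [ADSI]("LDAP://" + $user.DistinguishedName)
        $acl = $dn.psbase.objectSecurity
        if ($acl.get_AreAccessRulesProtected())
        {
            $isProtected = $false         # $false enables inheritance, $true disables it
            $preserveInheritance = $true  # ignored when $isProtected is $false
            $acl.SetAccessRuleProtection($isProtected, $preserveInheritance)
            $dn.psbase.commitchanges()
            # Reached only when the commit did not throw, so the success line
            # is never printed for a change that was rejected.
            Write-Host($user.SamAccountName + "|" + $user.DistinguishedName + "|inheritance set to enabled")
        }
        else
        {
            write-host($user.SamAccountName + "|" + $user.DistinguishedName + "|inheritance was already enabled - no change")
        }
    }
    catch
    {
        Write-Warning ($user.SamAccountName + "|" + $user.DistinguishedName + "|change failed: " + $_.Exception.Message)
    }
}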