I have NTFS folders showing members by their SID. Looks like these members are no longer employed and have been deleted, but the SID still shows. I want to script the removal of these. What I have currently works only if I use the username and domain, but I need to remove based on SID. Can this script be changed to accomplish this? Have any ideas how I should go about doing this?
Code obtained from the Microsoft Scripting Guys (progress counter initialised and the parameter names spelled out; behaviour otherwise unchanged):

$user = 'domain\user'
$folders = "C:\test"
$acls = Get-Acl -Path $folders
$i = 0   # progress counter; it was never initialised in the posted version
foreach ($acl in $acls) {
    $folder = Convert-Path $acl.PSPath
    Write-Progress -Activity "Getting Security" -Status "checking $folder" -PercentComplete ($i / $folders.Count * 100)
    foreach ($access in $acl.Access) {
        # IdentityReference.Value is a single 'DOMAIN\user' string, so no inner loop is needed
        if ($access.IdentityReference.Value -eq $user) {
            $acl.RemoveAccessRule($access) | Out-Null
        }
    } # end foreach access
    Set-Acl -Path $folder -AclObject $acl
    $i++
} # end foreach acl
Please mark my post as helpful or the answer or better yet.... both! :) Thanks!
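The following is an added example, not the poster's script and not the Scripting Guys code, showing how the same loop can key on the SID instead of the account name. It relies on one property of Get-Acl: the Access entries are built by translating each SID to DOMAIN\name, and an entry whose IdentityReference is still a SecurityIdentifier is one that did not translate, which is exactly what an orphaned SID looks like in the folder's security tab. The function name Remove-OrphanSidAce, its -Path/-Sid/-Recurse parameters and the sample SID in the usage comment are assumptions made for this example.

```powershell
# Added example (not from the original post or the Scripting Guys script).
# Removes explicit NTFS ACEs whose identity is an orphaned SID, or one of an
# explicit list of SIDs, from a folder tree. Function and parameter names are
# assumptions for this example. Run with -WhatIf first to see what would go.
#Requires -Version 3.0
function Remove-OrphanSidAce {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # SIDs to strip, e.g. 'S-1-5-21-...-1104'. If omitted, every ACE whose
        # identity failed to translate to DOMAIN\name is treated as orphaned.
        [string[]]$Sid = @(),
        [switch]$Recurse
    )

    # Normalise the requested SIDs once; the cast also validates their format.
    [string[]]$targets = foreach ($s in $Sid) {
        ([System.Security.Principal.SecurityIdentifier]$s).Value
    }

    $folders = @($Path)
    if ($Recurse) {
        $folders += Get-ChildItem -LiteralPath $Path -Recurse -Directory -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty FullName
    }

    foreach ($folder in $folders) {
        $acl = Get-Acl -LiteralPath $folder
        $changed = $false

        foreach ($ace in $acl.Access) {
            $id = $ace.IdentityReference
            $unresolved = $id -is [System.Security.Principal.SecurityIdentifier]

            # Work out the SID string for this entry so explicit -Sid values match
            # whether or not the account still resolves.
            $idSid = if ($unresolved) { $id.Value } else {
                try { $id.Translate([System.Security.Principal.SecurityIdentifier]).Value } catch { $null }
            }

            $orphan = if ($targets.Count -eq 0) { $unresolved } else { $targets -contains $idSid }
            if (-not $orphan) { continue }

            if ($ace.IsInherited) {
                # RemoveAccessRule only touches explicit entries; an inherited one
                # has to be removed from the folder it is inherited from.
                Write-Warning "$folder : inherited ACE for $($id.Value) skipped; remove it at the parent"
                continue
            }

            if ($PSCmdlet.ShouldProcess($folder, "Remove ACE for $($id.Value)")) {
                [void]$acl.RemoveAccessRule($ace)
                $changed = $true
                # Emit a record of each removal so the run can be audited.
                [pscustomobject]@{
                    Folder = $folder
                    Sid    = $id.Value
                    Rights = $ace.FileSystemRights
                    Type   = $ace.AccessControlType
                }
            }
        }

        # Only write the DACL back when something was actually removed.
        if ($changed) { Set-Acl -LiteralPath $folder -AclObject $acl }
    }
}

# Dry run over the tree, then the real thing (sample SID below is made up):
#   Remove-OrphanSidAce -Path 'C:\test' -Recurse -WhatIf
#   Remove-OrphanSidAce -Path 'C:\test' -Recurse
#   Remove-OrphanSidAce -Path 'C:\test' -Sid 'S-1-5-21-1111111111-2222222222-3333333333-1104'
```

Two cautions before running it without -WhatIf. First, "did not translate" is not the same as "deleted": if the machine cannot reach a domain controller, or the SID belongs to an untrusted domain, every account from that domain shows up as a raw SID and would be stripped, so run this from a domain-joined host that can resolve the accounts, or pass the exact SIDs you have confirmed are gone. Second, the entries you see on a folder are often inherited from a parent; the function warns about those rather than silently doing nothing, and the fix is to run it against the parent. Set-Acl needs WRITE_DAC (or ownership) on each folder, so run it from an elevated session with an account that has that right.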