I have a delegated permission on an OU that I would like to delete.
$SB = "OU=Name of OU,DC=Name,DC=of,DC=Domain"
$ADUC = Get-ADOrganizationalUnit $SB
# the original read AD:\$ADN, but $ADN is never assigned; use the OU's distinguished name
$OUACL = Get-Acl "AD:\$($ADUC.DistinguishedName)"
I can get the ACL entry I would like to delete with the following script:
foreach ($access in $OUACL.Access) {
    # ObjectType and IsInherited are single values, so the nested loops over them are not needed
    if ($access.ObjectType -eq [guid]"bf967a0a-0de6-11d0-a285-00aa003049e2" -and -not $access.IsInherited) {
        $Removeme = $access
        #$OUACL.RemoveAccessRule($access) | Out-Null
    }
}
The variable is correctly filled with the entry I am looking to remove:
ActiveDirectoryRights : ExtendedRight
InheritanceType : Descendents
ObjectType : bf967a0a-0de6-11d0-a285-00aa003049e2
InheritedObjectType : 00000000-0000-0000-0000-000000000000
ObjectFlags : ObjectAceTypePresent
AccessControlType : Allow
IdentityReference : DOMAIN\GroupName
IsInherited : False
InheritanceFlags : ContainerInherit
PropagationFlags : InheritOnly
But if I use $OUACL.RemoveAccessRule($access), I get the return code "False" and the entry is still within the ACL.
What am I missing?
I tried to remove the access rule from the ACL and then save it. (The Set-Acl part is missing because RemoveAccessRule is not working.)
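An added example (not code from the question) showing the same removal end to end: match the explicit, non-inherited ACE by ObjectType, take it out with RemoveAccessRuleSpecific (which matches the exact ACE rather than merging rights), write the ACL back with Set-Acl, and then confirm by re-reading the ACL instead of trusting the method's return value. The OU distinguished name and the use of RemoveAccessRuleSpecific in place of RemoveAccessRule are assumptions; the GUID is the one from the question.

```powershell
# Added example, not from the question: remove explicit ACEs with a given ObjectType
# GUID from an OU and verify the result by re-reading the ACL afterwards.
Import-Module ActiveDirectory

$OuPath     = "AD:\OU=Name of OU,DC=Name,DC=of,DC=Domain"        # placeholder DN
$TargetGuid = [guid]"bf967a0a-0de6-11d0-a285-00aa003049e2"        # GUID from the question

function Get-ExplicitAceByObjectType {
    param([string]$Path, [guid]$ObjectType)
    # Compare the typed properties directly instead of string matching ("False" -like)
    (Get-Acl -Path $Path).Access | Where-Object {
        -not $_.IsInherited -and $_.ObjectType -eq $ObjectType
    }
}

function Remove-ExplicitAceByObjectType {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path, [guid]$ObjectType)

    $acl   = Get-Acl -Path $Path
    $match = @($acl.Access | Where-Object { -not $_.IsInherited -and $_.ObjectType -eq $ObjectType })
    if ($match.Count -eq 0) {
        Write-Verbose "No explicit ACE with ObjectType $ObjectType on $Path"
        return
    }

    foreach ($ace in $match) {
        $what = "Remove $($ace.AccessControlType) $($ace.ActiveDirectoryRights) for $($ace.IdentityReference)"
        if ($PSCmdlet.ShouldProcess($Path, $what)) {
            # Removes exactly this ACE from the in-memory ACL; nothing is written until Set-Acl
            $acl.RemoveAccessRuleSpecific($ace)
        }
    }
    Set-Acl -Path $Path -AclObject $acl

    # Verify on the directory object, not on the local copy of the ACL
    $left = @(Get-ExplicitAceByObjectType -Path $Path -ObjectType $ObjectType)
    if ($left.Count -gt 0) {
        Write-Warning "$($left.Count) matching ACE(s) still present on $Path"
    }
    return $left.Count
}

# Dry run first (-WhatIf), then the real change
Remove-ExplicitAceByObjectType -Path $OuPath -ObjectType $TargetGuid -WhatIf
Remove-ExplicitAceByObjectType -Path $OuPath -ObjectType $TargetGuid -Verbose
```

Run it in a session with rights to modify the OU's security descriptor; the function returns the number of matching ACEs remaining after the write-back, so 0 means the removal took effect.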