Enable inheritance for bulk AD users (Active Directory)

Run the script below to enable permission inheritance on all AD user accounts under a specific OU. Change the -SearchBase value to the distinguished name of your own OU before running it.

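# Re-enable ACL inheritance on every user object under one OU.
#
# Requires the ActiveDirectory module (Get-ADUser) and an account that is
# allowed to modify the security descriptor of the target user objects.
#
# NOTE(review): accounts that are protected by AdminSDHolder (adminCount = 1)
# have inheritance disabled on purpose, and SDProp will switch it off again
# after this script runs. Check which accounts the OU contains before running
# this, because enabling inheritance lets ACEs delegated on the OU apply to them.
$ADusers = Get-ADUser -ldapfilter "(objectclass=user)" -searchbase "OU=Students,DC=ukh,DC=edu,DC=krd"
ForEach($user in $ADusers)
{
    # Bind to the user object through ADSI using its distinguished name.
    $ou = [ADSI]("LDAP://" + $user.DistinguishedName)
    $sec = $ou.psbase.objectSecurity
    if ($sec.get_AreAccessRulesProtected())
    {
        $isProtected = $false ## allows inheritance
        # Preserve inherited rules. .NET ignores this argument when
        # $isProtected is $false; it is kept for readability.
        $preserveInheritance = $true
        $sec.SetAccessRuleProtection($isProtected, $preserveInheritance)
        # Write the modified security descriptor back to the directory.
        # Without this call the change exists only on the in-memory object.
        $ou.psbase.CommitChanges()
        Write-Host "$user is now inherting permissions";
    }
    else
    {
        # Inheritance is already enabled on this account; nothing to change.
        Write-Host "$User Inheritable Permission already set"
    }
}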
