From 21c564848dcc92a6575364531ab76b4e4c6678d5 Mon Sep 17 00:00:00 2001 From: Hans-Joachim Kliemeck Date: Sat, 17 Oct 2015 23:05:51 +0200 Subject: [PATCH] added userprincipal support --- windows/win_acl.ps1 | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/windows/win_acl.ps1 b/windows/win_acl.ps1 index 994ff255fa8..041e66b9c11 100644 --- a/windows/win_acl.ps1 +++ b/windows/win_acl.ps1 @@ -51,8 +51,7 @@ Function UserSearch $accountname = $env:COMPUTERNAME + "\" + $AccountName $IsLocalAccount = $true } - - + if ($IsLocalAccount -eq $true) { # do not use Win32_UserAccount, because e.g. SYSTEM (BUILTIN\SYSTEM or COMPUUTERNAME\SYSTEM) will not be listed. on Win32_Account groups will be listed too @@ -62,13 +61,19 @@ Function UserSearch return $localaccount.SID } } - ElseIf (($IsDomainAccount -eq $true) -and ($IsUpn -eq $false)) + ElseIf ($IsDomainAccount -eq $true) { #Search by samaccountname $Searcher = [adsisearcher]"" - $Searcher.Filter = "sAMAccountName=$($accountname.split("\")[1])" - $result = $Searcher.FindOne() - + + If ($IsUpn -eq $false) { + $Searcher.Filter = "sAMAccountName=$($accountname.split("\")[1])" + } + Else { + $Searcher.Filter = "userPrincipalName=$($accountname)" + } + + $result = $Searcher.FindOne() if ($result) { $user = $result.GetDirectoryEntry() @@ -80,7 +85,6 @@ Function UserSearch return (New-Object System.Security.Principal.SecurityIdentifier($binarySID,0)).Value } } - } $params = Parse-Args $args; @@ -225,4 +229,4 @@ Catch { Fail-Json $result "an error occured when attempting to $state $rights permission(s) on $path for $($Params.User)" } -Exit-Json $result \ No newline at end of file +Exit-Json $result