more progress

Author: santisq

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2021 Santiago Squarzon
+Copyright (c) 2025 Santiago Squarzon
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

docs/en-US/Get-ADEffectiveAccess.md

@@ -0,0 +1,181 @@
+---
+external help file: ADEffectiveAccess.dll-Help.xml
+Module Name: ADEffectiveAccess
+online version:
+schema: 2.0.0
+---
+
+# Get-ADEffectiveAccess
+
+## SYNOPSIS
+
+{{ Fill in the Synopsis }}
+
+## SYNTAX
+
+```powershell
+Get-ADEffectiveAccess [[-LdapFilter] <String>] [-Audit] [-Top <Int32>] [-IncludeDeletedObjects]
+ [-SearchScope <SearchScope>] [-Credential <PSCredential>] [-Server <String>]
+ [-ProgressAction <ActionPreference>] [<CommonParameters>]
+```
+
+## DESCRIPTION
+
+{{ Fill in the Description }}
+
+## EXAMPLES
+
+### Example 1
+
+```powershell
+PS C:\> {{ Add example code here }}
+```
+
+{{ Add example description here }}
+
+## PARAMETERS
+
+### -Audit
+
+{{ Fill Audit Description }}
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Credential
+
+{{ Fill Credential Description }}
+
+```yaml
+Type: PSCredential
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -IncludeDeletedObjects
+
+{{ Fill IncludeDeletedObjects Description }}
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -LdapFilter
+
+{{ Fill LdapFilter Description }}
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -SearchScope
+
+{{ Fill SearchScope Description }}
+
+```yaml
+Type: SearchScope
+Parameter Sets: (All)
+Aliases:
+Accepted values: Base, OneLevel, Subtree
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Server
+
+{{ Fill Server Description }}
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Top
+
+{{ Fill Top Description }}
+
+```yaml
+Type: Int32
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ProgressAction
+
+{{ Fill ProgressAction Description }}
+
+```yaml
+Type: ActionPreference
+Parameter Sets: (All)
+Aliases: proga
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+
+## OUTPUTS
+
+### System.Object
+
+## NOTES
+
+## RELATED LINKS

module/ADEffectiveAccess.psd1

@@ -33,7 +33,7 @@
     # Description = ''
 
     # Minimum version of the PowerShell engine required by this module
-    # PowerShellVersion = ''
+    PowerShellVersion = '5.1'
 
     # Name of the PowerShell host required by this module
     # PowerShellHostName = ''
@@ -72,13 +72,13 @@
     FunctionsToExport = @()
 
     # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
-    CmdletsToExport   = @("Get-ADEffectiveAccess")
+    CmdletsToExport   = @('Get-ADEffectiveAccess')
 
     # Variables to export from this module
     VariablesToExport = @()
 
     # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
-    AliasesToExport   = @()
+    AliasesToExport   = @('gea', 'gacl')
 
     # DSC resources to export from this module
     # DscResourcesToExport = @()
@@ -98,10 +98,10 @@
             # Tags = @()
 
             # A URL to the license for this module.
-            # LicenseUri = ''
+            LicenseUri = 'https://github.com/santisq/ADEffectiveAccess/blob/main/LICENSE'
 
             # A URL to the main website for this project.
-            # ProjectUri = ''
+            ProjectUri = 'https://github.com/santisq/ADEffectiveAccess'
 
             # A URL to an icon representing this module.
             # IconUri = ''
@@ -123,7 +123,7 @@
     } # End of PrivateData hashtable
 
     # HelpInfo URI of this module
-    # HelpInfoURI = ''
+    HelpInfoURI = ''
 
     # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
     # DefaultCommandPrefix = ''

src/ADEffectiveAccess/AclBuilder.cs

@@ -24,19 +24,27 @@ internal AclBuilder(string path, byte[] descriptor) : base()
         _group = GetGroup(_targetType);
     }
 
-    internal IEnumerable<EffectiveAccessRule> EnumerateAccessRules()
+    internal IEnumerable<EffectiveAccessRule> EnumerateAccessRules(SchemaMap map)
     {
         foreach (ActiveDirectoryAccessRule rule in GetAccessRules(true, true, _targetType))
         {
-            yield return new EffectiveAccessRule(rule, _owner, _group, _path);
+            yield return new EffectiveAccessRule(rule, _owner, _group, _path)
+            {
+                ObjectTypeToString = map.Translate(rule.ObjectType, "All Objects (Full Control)"),
+                InheritedObjectTypeToString = map.Translate(rule.InheritedObjectType, "Any Inherited Object")
+            };
         }
     }
 
-    internal IEnumerable<EffectiveAuditRule> EnumerateAuditRules()
+    internal IEnumerable<EffectiveAuditRule> EnumerateAuditRules(SchemaMap map)
     {
         foreach (ActiveDirectoryAuditRule rule in GetAuditRules(true, true, _targetType))
         {
-            yield return new EffectiveAuditRule(rule, _owner, _group, _path);
+            yield return new EffectiveAuditRule(rule, _owner, _group, _path)
+            {
+                ObjectTypeToString = map.Translate(rule.ObjectType, "All Objects (Full Control)"),
+                InheritedObjectTypeToString = map.Translate(rule.InheritedObjectType, "Any Inherited Object")
+            };
         }
     }
 }

src/ADEffectiveAccess/EffectiveRule.cs

@@ -24,4 +24,8 @@ public abstract class EffectiveRule<T>(
     public bool IsInherited { get => Rule.IsInherited; }
 
     public PropagationFlags PropagationFlags { get => Rule.PropagationFlags; }
+
+    public string? ObjectTypeToString { get; internal set; }
+
+    public string? InheritedObjectTypeToString { get; internal set; }
 }

src/ADEffectiveAccess/GetADEffectiveAccessComand.cs

@@ -5,10 +5,13 @@
 namespace ADEffectiveAccess;
 
 [Cmdlet(VerbsCommon.Get, "ADEffectiveAccess")]
+[Alias("gea", "gacl")]
 public sealed class GetADEffectiveAccessComand : PSCmdlet
 {
     private const string SecurityDescriptor = "nTSecurityDescriptor";
 
+    private SchemaMap? _map;
+
     [Parameter(Position = 0)]
     public string? LdapFilter { get; set; }
 
@@ -25,6 +28,29 @@ public sealed class GetADEffectiveAccessComand : PSCmdlet
     [Parameter]
     public SearchScope SearchScope { get; set; } = SearchScope.Subtree;
 
+    [Parameter]
+    [Credential]
+    public PSCredential? Credential { get; set; }
+
+    [Parameter]
+    public string? Server { get; set; }
+
+    protected override void BeginProcessing()
+    {
+        try
+        {
+            _map = new SchemaMap(Server);
+        }
+        catch (Exception exception)
+        {
+            ErrorRecord error = new(
+                exception, "SchemaMapCreationFailure",
+                ErrorCategory.ConnectionError, null);
+
+            ThrowTerminatingError(error);
+        }
+    }
+
     protected override void EndProcessing()
     {
         using DirectorySearcher searcher = new(LdapFilter, [SecurityDescriptor])
@@ -55,11 +81,15 @@ protected override void EndProcessing()
             }
 
             AclBuilder builder = new(obj.Path, descriptor);
-            WriteObject(builder.EnumerateAccessRules(), enumerateCollection: true);
+            WriteObject(
+                builder.EnumerateAccessRules(_map!),
+                enumerateCollection: true);
 
             if (Audit)
             {
-                WriteObject(builder.EnumerateAuditRules(), enumerateCollection: true);
+                WriteObject(
+                    builder.EnumerateAuditRules(_map!),
+                    enumerateCollection: true);
             }
         }
     }

src/ADEffectiveAccess/SchemaMap.cs

@@ -16,6 +16,16 @@ internal SchemaMap(string? server = null)
         if (ctx is not null) PopulateMap(ctx, _schemaMap);
     }
 
+    internal string Translate(Guid guid, string defaultValue)
+    {
+        if (guid == Guid.Empty || _schemaMap.TryGetValue(guid, out defaultValue))
+        {
+            return defaultValue;
+        }
+
+        return guid.ToString();
+    }
+
     private static void PopulateMap(
         string schemaNamingContext,
         Dictionary<Guid, string> map)