TestimoX

API Reference

Command

Add-ADXACL

Namespace ADPlayground.PowerShell
Inputs
System.DirectoryServices.ActiveDirectorySecurity System.DirectoryServices.DirectoryEntry System.String
Outputs
ADPlayground.Acl.AdxAclGovernedOperationResult

Adds an access rule to an Active Directory object with governance-capable execution options.

Examples

Generated fallback example

Generated fallback example from parameter set 'By ADObject'.


Add-ADXACL -ADObject 'Value' -Identity 'Value' -Rights 'CreateChild' -ControlType 'Allow'

Generated fallback example from parameter set 'By Entry'.


Add-ADXACL -Entry 'Value' -Identity 'Value' -Rights 'CreateChild' -ControlType 'Allow'

Common Parameters

This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.

For more information, see about_CommonParameters.

Syntax

Add-ADXACL -Security <ActiveDirectorySecurity> -Identity <string> -Rights <CreateChild> -ControlType <Allow|Deny> -Inheritance <All|Descendents|Children|SelfAndChildren> [-AllowWrite] [-Apply] [-DryRun <bool>] [-GovernanceMode <string>] [-Intent <string>] [-PassThru] [-WriteActorId <string>] [-WriteAuditCorrelationId <string>] [-WriteChangeReason <string>] [-WriteExecutionId <string>] [-WriteRollbackPlanId <string>] [-WriteRollbackProviderId <string>] [<CommonParameters>]
#
Parameter set: By Security

Parameters

Security ActiveDirectorySecurity requiredposition: 0pipeline: true (ByValue, ByPropertyName)
ActiveDirectorySecurity instance to read or modify.
Identity string requiredposition: 1pipeline: false
Identity to add (SID, DOMAIN\name, UPN, DN).
Rights AclRights requiredposition: 2pipeline: falsevalues: 16
Rights to add. Possible values: None, CreateChild, Delete, ReadControl, WriteDacl, WriteOwner, GenericRead, GenericWrite, GenericExecute, ListChildren, DeleteChild, DeleteTree, ReadProperty, WriteProperty, ExtendedRight, Self, GenericAll
Possible values: CreateChild, Delete, ReadControl, WriteDacl, WriteOwner, GenericRead, GenericWrite, GenericExecute, ListChildren, DeleteChild, DeleteTree, ReadProperty, WriteProperty, ExtendedRight, Self, GenericAll
ControlType AccessControlType requiredposition: 3pipeline: falsealiases: access_control_type, control_typevalues: 2
Access control type to apply. Possible values: Allow, Deny
Possible values: Allow, Deny
Inheritance AclInheritance requiredposition: 4pipeline: falsevalues: 4
Inheritance flags for the rule. Possible values: None, All, Descendents, Children, SelfAndChildren
Possible values: All, Descendents, Children, SelfAndChildren
AllowWrite SwitchParameter optionalposition: namedpipeline: falsealiases: allow_write
Explicit write confirmation flag for mutating operations.
Apply SwitchParameter optionalposition: namedpipeline: false
Applies changes. Without this switch, the cmdlet runs in dry-run mode.
DryRun bool optionalposition: namedpipeline: falsealiases: dry_run
Dry-run mode flag. Defaults to true; set to false (or use -Apply) to execute writes.
GovernanceMode string optionalposition: namedpipeline: falsealiases: governance_mode
Governance behavior mode. compatibility preserves legacy write defaults; enforced requires explicit governance flow.
Intent string optionalposition: namedpipeline: false
Execution intent (read_only or read_write). Default: read_only.
PassThru SwitchParameter optionalposition: namedpipeline: false
Returns the governed operation result object.
WriteActorId string optionalposition: namedpipeline: falsealiases: write_actor_id
Write actor identifier.
WriteAuditCorrelationId string optionalposition: namedpipeline: falsealiases: write_audit_correlation_id
Optional write audit correlation identifier.
WriteChangeReason string optionalposition: namedpipeline: falsealiases: write_change_reason
Write change reason, ticket, or approval reference.
WriteExecutionId string optionalposition: namedpipeline: falsealiases: write_execution_id
Write execution identifier for governance/audit correlation.
WriteRollbackPlanId string optionalposition: namedpipeline: falsealiases: write_rollback_plan_id
Write rollback plan identifier.
WriteRollbackProviderId string optionalposition: namedpipeline: falsealiases: write_rollback_provider_id
Optional write rollback provider identifier.

Outputs

ADPlayground.Acl.AdxAclGovernedOperationResult

Add-ADXACL -Entry <DirectoryEntry> -Identity <string> -Rights <CreateChild> -ControlType <Allow|Deny> -Inheritance <All|Descendents|Children|SelfAndChildren> [-AllowWrite] [-Apply] [-DryRun <bool>] [-GovernanceMode <string>] [-Intent <string>] [-PassThru] [-WriteActorId <string>] [-WriteAuditCorrelationId <string>] [-WriteChangeReason <string>] [-WriteExecutionId <string>] [-WriteRollbackPlanId <string>] [-WriteRollbackProviderId <string>] [<CommonParameters>]
#
Parameter set: By Entry

Parameters

Entry DirectoryEntry requiredposition: 0pipeline: true (ByValue, ByPropertyName)
DirectoryEntry object to read or modify.
Identity string requiredposition: 1pipeline: false
Identity to add (SID, DOMAIN\name, UPN, DN).
Rights AclRights requiredposition: 2pipeline: falsevalues: 16
Rights to add. Possible values: None, CreateChild, Delete, ReadControl, WriteDacl, WriteOwner, GenericRead, GenericWrite, GenericExecute, ListChildren, DeleteChild, DeleteTree, ReadProperty, WriteProperty, ExtendedRight, Self, GenericAll
Possible values: CreateChild, Delete, ReadControl, WriteDacl, WriteOwner, GenericRead, GenericWrite, GenericExecute, ListChildren, DeleteChild, DeleteTree, ReadProperty, WriteProperty, ExtendedRight, Self, GenericAll
ControlType AccessControlType requiredposition: 3pipeline: falsealiases: access_control_type, control_typevalues: 2
Access control type to apply. Possible values: Allow, Deny
Possible values: Allow, Deny
Inheritance AclInheritance requiredposition: 4pipeline: falsevalues: 4
Inheritance flags for the rule. Possible values: None, All, Descendents, Children, SelfAndChildren
Possible values: All, Descendents, Children, SelfAndChildren
AllowWrite SwitchParameter optionalposition: namedpipeline: falsealiases: allow_write
Explicit write confirmation flag for mutating operations.
Apply SwitchParameter optionalposition: namedpipeline: false
Applies changes. Without this switch, the cmdlet runs in dry-run mode.
DryRun bool optionalposition: namedpipeline: falsealiases: dry_run
Dry-run mode flag. Defaults to true; set to false (or use -Apply) to execute writes.
GovernanceMode string optionalposition: namedpipeline: falsealiases: governance_mode
Governance behavior mode. compatibility preserves legacy write defaults; enforced requires explicit governance flow.
Intent string optionalposition: namedpipeline: false
Execution intent (read_only or read_write). Default: read_only.
PassThru SwitchParameter optionalposition: namedpipeline: false
Returns the governed operation result object.
WriteActorId string optionalposition: namedpipeline: falsealiases: write_actor_id
Write actor identifier.
WriteAuditCorrelationId string optionalposition: namedpipeline: falsealiases: write_audit_correlation_id
Optional write audit correlation identifier.
WriteChangeReason string optionalposition: namedpipeline: falsealiases: write_change_reason
Write change reason, ticket, or approval reference.
WriteExecutionId string optionalposition: namedpipeline: falsealiases: write_execution_id
Write execution identifier for governance/audit correlation.
WriteRollbackPlanId string optionalposition: namedpipeline: falsealiases: write_rollback_plan_id
Write rollback plan identifier.
WriteRollbackProviderId string optionalposition: namedpipeline: falsealiases: write_rollback_provider_id
Optional write rollback provider identifier.

Outputs

ADPlayground.Acl.AdxAclGovernedOperationResult

Add-ADXACL -ADObject <string> -Identity <string> -Rights <CreateChild> -ControlType <Allow|Deny> -Inheritance <All|Descendents|Children|SelfAndChildren> [-AllowWrite] [-Apply] [-DryRun <bool>] [-GovernanceMode <string>] [-Intent <string>] [-PassThru] [-WriteActorId <string>] [-WriteAuditCorrelationId <string>] [-WriteChangeReason <string>] [-WriteExecutionId <string>] [-WriteRollbackPlanId <string>] [-WriteRollbackProviderId <string>] [<CommonParameters>]
#
Parameter set: By ADObject

Parameters

ADObject string requiredposition: 0pipeline: true (ByValue, ByPropertyName)aliases: ad_object
Distinguished name/path of the object to read or modify.
Identity string requiredposition: 1pipeline: false
Identity to add (SID, DOMAIN\name, UPN, DN).
Rights AclRights requiredposition: 2pipeline: falsevalues: 16
Rights to add. Possible values: None, CreateChild, Delete, ReadControl, WriteDacl, WriteOwner, GenericRead, GenericWrite, GenericExecute, ListChildren, DeleteChild, DeleteTree, ReadProperty, WriteProperty, ExtendedRight, Self, GenericAll
Possible values: CreateChild, Delete, ReadControl, WriteDacl, WriteOwner, GenericRead, GenericWrite, GenericExecute, ListChildren, DeleteChild, DeleteTree, ReadProperty, WriteProperty, ExtendedRight, Self, GenericAll
ControlType AccessControlType requiredposition: 3pipeline: falsealiases: access_control_type, control_typevalues: 2
Access control type to apply. Possible values: Allow, Deny
Possible values: Allow, Deny
Inheritance AclInheritance requiredposition: 4pipeline: falsevalues: 4
Inheritance flags for the rule. Possible values: None, All, Descendents, Children, SelfAndChildren
Possible values: All, Descendents, Children, SelfAndChildren
AllowWrite SwitchParameter optionalposition: namedpipeline: falsealiases: allow_write
Explicit write confirmation flag for mutating operations.
Apply SwitchParameter optionalposition: namedpipeline: false
Applies changes. Without this switch, the cmdlet runs in dry-run mode.
DryRun bool optionalposition: namedpipeline: falsealiases: dry_run
Dry-run mode flag. Defaults to true; set to false (or use -Apply) to execute writes.
GovernanceMode string optionalposition: namedpipeline: falsealiases: governance_mode
Governance behavior mode. compatibility preserves legacy write defaults; enforced requires explicit governance flow.
Intent string optionalposition: namedpipeline: false
Execution intent (read_only or read_write). Default: read_only.
PassThru SwitchParameter optionalposition: namedpipeline: false
Returns the governed operation result object.
WriteActorId string optionalposition: namedpipeline: falsealiases: write_actor_id
Write actor identifier.
WriteAuditCorrelationId string optionalposition: namedpipeline: falsealiases: write_audit_correlation_id
Optional write audit correlation identifier.
WriteChangeReason string optionalposition: namedpipeline: falsealiases: write_change_reason
Write change reason, ticket, or approval reference.
WriteExecutionId string optionalposition: namedpipeline: falsealiases: write_execution_id
Write execution identifier for governance/audit correlation.
WriteRollbackPlanId string optionalposition: namedpipeline: falsealiases: write_rollback_plan_id
Write rollback plan identifier.
WriteRollbackProviderId string optionalposition: namedpipeline: falsealiases: write_rollback_provider_id
Optional write rollback provider identifier.

Outputs

ADPlayground.Acl.AdxAclGovernedOperationResult