API Reference
Command
Restore-ADXACLDefault
Restores the default security descriptor on an Active Directory object.
Examples
Example 1: Preview restoring default ACLs on a service-account OU
Restore-ADXACLDefault -ADObject 'OU=Service Accounts,OU=Tier0,DC=contoso,DC=com' -WhatIf
Example 2: Restore default ACLs and remove inherited rules from a test OU
Restore-ADXACLDefault -ADObject 'OU=Delegation-Lab,DC=contoso,DC=com' -RemoveInheritedAccessRules
Common Parameters
This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
For more information, see about_CommonParameters.
Syntax
Restore-ADXACLDefault -Security <ActiveDirectorySecurity> -DefaultSecurityDescriptor <string> [-RemoveInheritedAccessRules] [<CommonParameters>]Parameter set:
By DefaultSecurityDescriptor + SecurityParameters
- Security ActiveDirectorySecurity
- ActiveDirectorySecurity instance to reset.
- DefaultSecurityDescriptor string
- Default security descriptor SDDL string.
- RemoveInheritedAccessRules SwitchParameter
- If set, removes inherited access rules.
Restore-ADXACLDefault -Entry <DirectoryEntry> [-RemoveInheritedAccessRules] [<CommonParameters>]Parameter set:
By EntryParameters
- Entry DirectoryEntry
- DirectoryEntry object to reset.
- RemoveInheritedAccessRules SwitchParameter
- If set, removes inherited access rules.
Restore-ADXACLDefault -ADObject <string> [-RemoveInheritedAccessRules] [<CommonParameters>]Parameter set:
By ADObjectParameters
- ADObject string
- Distinguished name of the object to reset.
- RemoveInheritedAccessRules SwitchParameter
- If set, removes inherited access rules.