TestimoX

API Reference

Command

Set-ADXACL

Namespace ADPlayground.PowerShell
Inputs
System.DirectoryServices.ActiveDirectorySecurity System.DirectoryServices.DirectoryEntry System.String
Outputs
ADPlayground.Acl.AclChangeSet

Replaces explicit ACL entries on an Active Directory object with governance-capable execution options.

Examples

Generated fallback example

Generated fallback example from parameter set 'By ADObject'.


Set-ADXACL -ADObject 'Value'

Generated fallback example from parameter set 'By Entry'.


Set-ADXACL -Entry 'Value'

Common Parameters

This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.

For more information, see about_CommonParameters.

Syntax

Set-ADXACL -Security <ActiveDirectorySecurity> [-Entries <AclEntry[]>] [-AllowWrite] [-Apply] [-DryRun <bool>] [-GovernanceMode <string>] [-Intent <string>] [-Requests <AdxAclPermissionRequest[]>] [-ReturnGovernanceResult] [-WriteActorId <string>] [-WriteAuditCorrelationId <string>] [-WriteChangeReason <string>] [-WriteExecutionId <string>] [-WriteRollbackPlanId <string>] [-WriteRollbackProviderId <string>] [<CommonParameters>]
#
Parameter set: By Security

Parameters

Security ActiveDirectorySecurity requiredposition: 0pipeline: true (ByValue, ByPropertyName)
ActiveDirectorySecurity instance to read or modify.
Entries AclEntry[] optionalposition: 1pipeline: false
ACL entries to apply (legacy format).
AllowWrite SwitchParameter optionalposition: namedpipeline: falsealiases: allow_write
Explicit write confirmation flag for mutating operations.
Apply SwitchParameter optionalposition: namedpipeline: false
Applies changes. Without this switch, the cmdlet runs in dry-run mode.
DryRun bool optionalposition: namedpipeline: falsealiases: dry_run
Dry-run mode flag. Defaults to true; set to false (or use -Apply) to execute writes.
GovernanceMode string optionalposition: namedpipeline: falsealiases: governance_mode
Governance behavior mode. compatibility preserves legacy write defaults; enforced requires explicit governance flow.
Intent string optionalposition: namedpipeline: false
Execution intent (read_only or read_write). Default: read_only.
Requests AdxAclPermissionRequest[] optionalposition: namedpipeline: false
Permission requests to apply (SID/name-based format).
ReturnGovernanceResult SwitchParameter optionalposition: namedpipeline: falsealiases: return_governance_result
Emits the full governed result instead of only the change set.
WriteActorId string optionalposition: namedpipeline: falsealiases: write_actor_id
Write actor identifier.
WriteAuditCorrelationId string optionalposition: namedpipeline: falsealiases: write_audit_correlation_id
Optional write audit correlation identifier.
WriteChangeReason string optionalposition: namedpipeline: falsealiases: write_change_reason
Write change reason, ticket, or approval reference.
WriteExecutionId string optionalposition: namedpipeline: falsealiases: write_execution_id
Write execution identifier for governance/audit correlation.
WriteRollbackPlanId string optionalposition: namedpipeline: falsealiases: write_rollback_plan_id
Write rollback plan identifier.
WriteRollbackProviderId string optionalposition: namedpipeline: falsealiases: write_rollback_provider_id
Optional write rollback provider identifier.

Outputs

ADPlayground.Acl.AclChangeSet

Set-ADXACL -Entry <DirectoryEntry> [-Entries <AclEntry[]>] [-AllowWrite] [-Apply] [-DryRun <bool>] [-GovernanceMode <string>] [-Intent <string>] [-Requests <AdxAclPermissionRequest[]>] [-ReturnGovernanceResult] [-WriteActorId <string>] [-WriteAuditCorrelationId <string>] [-WriteChangeReason <string>] [-WriteExecutionId <string>] [-WriteRollbackPlanId <string>] [-WriteRollbackProviderId <string>] [<CommonParameters>]
#
Parameter set: By Entry

Parameters

Entry DirectoryEntry requiredposition: 0pipeline: true (ByValue, ByPropertyName)
DirectoryEntry object to read or modify.
Entries AclEntry[] optionalposition: 1pipeline: false
ACL entries to apply (legacy format).
AllowWrite SwitchParameter optionalposition: namedpipeline: falsealiases: allow_write
Explicit write confirmation flag for mutating operations.
Apply SwitchParameter optionalposition: namedpipeline: false
Applies changes. Without this switch, the cmdlet runs in dry-run mode.
DryRun bool optionalposition: namedpipeline: falsealiases: dry_run
Dry-run mode flag. Defaults to true; set to false (or use -Apply) to execute writes.
GovernanceMode string optionalposition: namedpipeline: falsealiases: governance_mode
Governance behavior mode. compatibility preserves legacy write defaults; enforced requires explicit governance flow.
Intent string optionalposition: namedpipeline: false
Execution intent (read_only or read_write). Default: read_only.
Requests AdxAclPermissionRequest[] optionalposition: namedpipeline: false
Permission requests to apply (SID/name-based format).
ReturnGovernanceResult SwitchParameter optionalposition: namedpipeline: falsealiases: return_governance_result
Emits the full governed result instead of only the change set.
WriteActorId string optionalposition: namedpipeline: falsealiases: write_actor_id
Write actor identifier.
WriteAuditCorrelationId string optionalposition: namedpipeline: falsealiases: write_audit_correlation_id
Optional write audit correlation identifier.
WriteChangeReason string optionalposition: namedpipeline: falsealiases: write_change_reason
Write change reason, ticket, or approval reference.
WriteExecutionId string optionalposition: namedpipeline: falsealiases: write_execution_id
Write execution identifier for governance/audit correlation.
WriteRollbackPlanId string optionalposition: namedpipeline: falsealiases: write_rollback_plan_id
Write rollback plan identifier.
WriteRollbackProviderId string optionalposition: namedpipeline: falsealiases: write_rollback_provider_id
Optional write rollback provider identifier.

Outputs

ADPlayground.Acl.AclChangeSet

Set-ADXACL -ADObject <string> [-Entries <AclEntry[]>] [-AllowWrite] [-Apply] [-DryRun <bool>] [-GovernanceMode <string>] [-Intent <string>] [-Requests <AdxAclPermissionRequest[]>] [-ReturnGovernanceResult] [-WriteActorId <string>] [-WriteAuditCorrelationId <string>] [-WriteChangeReason <string>] [-WriteExecutionId <string>] [-WriteRollbackPlanId <string>] [-WriteRollbackProviderId <string>] [<CommonParameters>]
#
Parameter set: By ADObject

Parameters

ADObject string requiredposition: 0pipeline: true (ByValue, ByPropertyName)aliases: ad_object
Distinguished name/path of the object to read or modify.
Entries AclEntry[] optionalposition: 1pipeline: false
ACL entries to apply (legacy format).
AllowWrite SwitchParameter optionalposition: namedpipeline: falsealiases: allow_write
Explicit write confirmation flag for mutating operations.
Apply SwitchParameter optionalposition: namedpipeline: false
Applies changes. Without this switch, the cmdlet runs in dry-run mode.
DryRun bool optionalposition: namedpipeline: falsealiases: dry_run
Dry-run mode flag. Defaults to true; set to false (or use -Apply) to execute writes.
GovernanceMode string optionalposition: namedpipeline: falsealiases: governance_mode
Governance behavior mode. compatibility preserves legacy write defaults; enforced requires explicit governance flow.
Intent string optionalposition: namedpipeline: false
Execution intent (read_only or read_write). Default: read_only.
Requests AdxAclPermissionRequest[] optionalposition: namedpipeline: false
Permission requests to apply (SID/name-based format).
ReturnGovernanceResult SwitchParameter optionalposition: namedpipeline: falsealiases: return_governance_result
Emits the full governed result instead of only the change set.
WriteActorId string optionalposition: namedpipeline: falsealiases: write_actor_id
Write actor identifier.
WriteAuditCorrelationId string optionalposition: namedpipeline: falsealiases: write_audit_correlation_id
Optional write audit correlation identifier.
WriteChangeReason string optionalposition: namedpipeline: falsealiases: write_change_reason
Write change reason, ticket, or approval reference.
WriteExecutionId string optionalposition: namedpipeline: falsealiases: write_execution_id
Write execution identifier for governance/audit correlation.
WriteRollbackPlanId string optionalposition: namedpipeline: falsealiases: write_rollback_plan_id
Write rollback plan identifier.
WriteRollbackProviderId string optionalposition: namedpipeline: falsealiases: write_rollback_provider_id
Optional write rollback provider identifier.

Outputs

ADPlayground.Acl.AclChangeSet