API Reference
Command
Set-ADXACLInheritance
Sets the ACL inheritance state on an Active Directory security descriptor or entry.
Examples
Example 1: Preview disabling inheritance while preserving inherited ACEs
Set-ADXACLInheritance -ADObject 'OU=Workstations,OU=Managed,DC=contoso,DC=com' -Enable $false -WhatIf
Example 2: Disable inheritance and remove inherited ACEs on a service-account OU
Set-ADXACLInheritance -ADObject 'OU=Service Accounts,OU=Tier0,DC=contoso,DC=com' -Enable $false -RemoveInheritedAccessRules
Common Parameters
This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
For more information, see about_CommonParameters.
Syntax
Set-ADXACLInheritance -Security <ActiveDirectorySecurity> -Enable <bool> [-RemoveInheritedAccessRules] [<CommonParameters>]Parameter set:
By SecurityParameters
- Security ActiveDirectorySecurity
- ActiveDirectorySecurity instance to modify.
- Enable bool
- Enables inheritance when true; disables otherwise.
- RemoveInheritedAccessRules SwitchParameter
- Indicates whether inherited rules should be removed when disabling inheritance.
Set-ADXACLInheritance -Entry <DirectoryEntry> -Enable <bool> [-RemoveInheritedAccessRules] [<CommonParameters>]Parameter set:
By EntryParameters
- Entry DirectoryEntry
- DirectoryEntry object to modify.
- Enable bool
- Enables inheritance when true; disables otherwise.
- RemoveInheritedAccessRules SwitchParameter
- Indicates whether inherited rules should be removed when disabling inheritance.
Set-ADXACLInheritance -ADObject <string> -Enable <bool> [-RemoveInheritedAccessRules] [<CommonParameters>]Parameter set:
By ADObjectParameters
- ADObject string
- Distinguished name of the object to modify.
- Enable bool
- Enables inheritance when true; disables otherwise.
- RemoveInheritedAccessRules SwitchParameter
- Indicates whether inherited rules should be removed when disabling inheritance.