Update-ADXACL

Namespace ADPlayground.PowerShell

Inputs

System.DirectoryServices.ActiveDirectorySecurity System.DirectoryServices.DirectoryEntry System.String

Outputs

ADPlayground.Acl.AdxAclGovernedOperationResult

Modifies ACL entries (add/remove batch) on an Active Directory object with governance-capable execution options.

Examples

Authored help example

Example 1: Preview adding one ACE and removing another in a single batch


$add = @(
                [ADPlayground.Acl.AdxAclPermissionRequest]@{ Identity = 'CONTOSO\Helpdesk Tier1'; Rights = [ADPlayground.Acl.AclRights]::ReadProperty; AccessControlType = [System.Security.AccessControl.AccessControlType]::Allow; Inheritance = [ADPlayground.Acl.AclInheritance]::Descendents }
              )
              $remove = @(
                [ADPlayground.Acl.AdxAclPermissionRequest]@{ Identity = 'CONTOSO\Legacy Helpdesk'; Rights = [ADPlayground.Acl.AclRights]::ReadProperty; AccessControlType = [System.Security.AccessControl.AccessControlType]::Allow; Inheritance = [ADPlayground.Acl.AclInheritance]::Descendents }
              )
              Update-ADXACL -ADObject 'OU=Workstations,OU=Managed,DC=contoso,DC=com' -AddRequests $add -RemoveRequests $remove -WhatIf

Example 2: Return the governed operation result for a delegation refresh


$add = [ADPlayground.Acl.AdxAclPermissionRequest]@{ Identity = 'CONTOSO\Tier1 Server Admins'; Rights = [ADPlayground.Acl.AclRights]::WriteProperty; AccessControlType = [System.Security.AccessControl.AccessControlType]::Allow; Inheritance = [ADPlayground.Acl.AclInheritance]::Children }
              Update-ADXACL -ADObject 'OU=Servers,OU=Managed,DC=contoso,DC=com' -AddRequests $add

Common Parameters

This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.

For more information, see about_CommonParameters.

Syntax

Update-ADXACL -Security <ActiveDirectorySecurity> [-AddRequests <AdxAclPermissionRequest[]>] [-AllowWrite] [-Apply] [-DryRun <bool>] [-GovernanceMode <string>] [-Intent <string>] [-RemoveRequests <AdxAclPermissionRequest[]>] [-WriteActorId <string>] [-WriteAuditCorrelationId <string>] [-WriteChangeReason <string>] [-WriteExecutionId <string>] [-WriteRollbackPlanId <string>] [-WriteRollbackProviderId <string>] [<CommonParameters>]

Parameter set: By Security

Parameters

Security ActiveDirectorySecurity requiredposition: 0pipeline: true (ByValue, ByPropertyName): ActiveDirectorySecurity instance to read or modify.
AddRequests AdxAclPermissionRequest[] optionalposition: namedpipeline: falsealiases: add_requests: Permission entries to add.
AllowWrite SwitchParameter optionalposition: namedpipeline: falsealiases: allow_write: Explicit write confirmation flag for mutating operations.
Apply SwitchParameter optionalposition: namedpipeline: false: Applies changes. Without this switch, the cmdlet runs in dry-run mode.
DryRun bool optionalposition: namedpipeline: falsealiases: dry_run: Dry-run mode flag. Defaults to true; set to false (or use -Apply) to execute writes.
GovernanceMode string optionalposition: namedpipeline: falsealiases: governance_mode: Governance behavior mode. compatibility preserves legacy write defaults; enforced requires explicit governance flow.
Intent string optionalposition: namedpipeline: false: Execution intent (read_only or read_write). Default: read_only.
RemoveRequests AdxAclPermissionRequest[] optionalposition: namedpipeline: falsealiases: remove_requests: Permission entries to remove.
WriteActorId string optionalposition: namedpipeline: falsealiases: write_actor_id: Write actor identifier.
WriteAuditCorrelationId string optionalposition: namedpipeline: falsealiases: write_audit_correlation_id: Optional write audit correlation identifier.
WriteChangeReason string optionalposition: namedpipeline: falsealiases: write_change_reason: Write change reason, ticket, or approval reference.
WriteExecutionId string optionalposition: namedpipeline: falsealiases: write_execution_id: Write execution identifier for governance/audit correlation.
WriteRollbackPlanId string optionalposition: namedpipeline: falsealiases: write_rollback_plan_id: Write rollback plan identifier.
WriteRollbackProviderId string optionalposition: namedpipeline: falsealiases: write_rollback_provider_id: Optional write rollback provider identifier.

Outputs

ADPlayground.Acl.AdxAclGovernedOperationResult

Update-ADXACL -Entry <DirectoryEntry> [-AddRequests <AdxAclPermissionRequest[]>] [-AllowWrite] [-Apply] [-DryRun <bool>] [-GovernanceMode <string>] [-Intent <string>] [-RemoveRequests <AdxAclPermissionRequest[]>] [-WriteActorId <string>] [-WriteAuditCorrelationId <string>] [-WriteChangeReason <string>] [-WriteExecutionId <string>] [-WriteRollbackPlanId <string>] [-WriteRollbackProviderId <string>] [<CommonParameters>]

Parameter set: By Entry

Parameters

Entry DirectoryEntry requiredposition: 0pipeline: true (ByValue, ByPropertyName): DirectoryEntry object to read or modify.
AddRequests AdxAclPermissionRequest[] optionalposition: namedpipeline: falsealiases: add_requests: Permission entries to add.
AllowWrite SwitchParameter optionalposition: namedpipeline: falsealiases: allow_write: Explicit write confirmation flag for mutating operations.
Apply SwitchParameter optionalposition: namedpipeline: false: Applies changes. Without this switch, the cmdlet runs in dry-run mode.
DryRun bool optionalposition: namedpipeline: falsealiases: dry_run: Dry-run mode flag. Defaults to true; set to false (or use -Apply) to execute writes.
GovernanceMode string optionalposition: namedpipeline: falsealiases: governance_mode: Governance behavior mode. compatibility preserves legacy write defaults; enforced requires explicit governance flow.
Intent string optionalposition: namedpipeline: false: Execution intent (read_only or read_write). Default: read_only.
RemoveRequests AdxAclPermissionRequest[] optionalposition: namedpipeline: falsealiases: remove_requests: Permission entries to remove.
WriteActorId string optionalposition: namedpipeline: falsealiases: write_actor_id: Write actor identifier.
WriteAuditCorrelationId string optionalposition: namedpipeline: falsealiases: write_audit_correlation_id: Optional write audit correlation identifier.
WriteChangeReason string optionalposition: namedpipeline: falsealiases: write_change_reason: Write change reason, ticket, or approval reference.
WriteExecutionId string optionalposition: namedpipeline: falsealiases: write_execution_id: Write execution identifier for governance/audit correlation.
WriteRollbackPlanId string optionalposition: namedpipeline: falsealiases: write_rollback_plan_id: Write rollback plan identifier.
WriteRollbackProviderId string optionalposition: namedpipeline: falsealiases: write_rollback_provider_id: Optional write rollback provider identifier.

Outputs

ADPlayground.Acl.AdxAclGovernedOperationResult

Update-ADXACL -ADObject <string> [-AddRequests <AdxAclPermissionRequest[]>] [-AllowWrite] [-Apply] [-DryRun <bool>] [-GovernanceMode <string>] [-Intent <string>] [-RemoveRequests <AdxAclPermissionRequest[]>] [-WriteActorId <string>] [-WriteAuditCorrelationId <string>] [-WriteChangeReason <string>] [-WriteExecutionId <string>] [-WriteRollbackPlanId <string>] [-WriteRollbackProviderId <string>] [<CommonParameters>]

Parameter set: By ADObject

Parameters

ADObject string requiredposition: 0pipeline: true (ByValue, ByPropertyName)aliases: ad_object: Distinguished name/path of the object to read or modify.
AddRequests AdxAclPermissionRequest[] optionalposition: namedpipeline: falsealiases: add_requests: Permission entries to add.
AllowWrite SwitchParameter optionalposition: namedpipeline: falsealiases: allow_write: Explicit write confirmation flag for mutating operations.
Apply SwitchParameter optionalposition: namedpipeline: false: Applies changes. Without this switch, the cmdlet runs in dry-run mode.
DryRun bool optionalposition: namedpipeline: falsealiases: dry_run: Dry-run mode flag. Defaults to true; set to false (or use -Apply) to execute writes.
GovernanceMode string optionalposition: namedpipeline: falsealiases: governance_mode: Governance behavior mode. compatibility preserves legacy write defaults; enforced requires explicit governance flow.
Intent string optionalposition: namedpipeline: false: Execution intent (read_only or read_write). Default: read_only.
RemoveRequests AdxAclPermissionRequest[] optionalposition: namedpipeline: falsealiases: remove_requests: Permission entries to remove.
WriteActorId string optionalposition: namedpipeline: falsealiases: write_actor_id: Write actor identifier.
WriteAuditCorrelationId string optionalposition: namedpipeline: falsealiases: write_audit_correlation_id: Optional write audit correlation identifier.
WriteChangeReason string optionalposition: namedpipeline: falsealiases: write_change_reason: Write change reason, ticket, or approval reference.
WriteExecutionId string optionalposition: namedpipeline: falsealiases: write_execution_id: Write execution identifier for governance/audit correlation.
WriteRollbackPlanId string optionalposition: namedpipeline: falsealiases: write_rollback_plan_id: Write rollback plan identifier.
WriteRollbackProviderId string optionalposition: namedpipeline: falsealiases: write_rollback_provider_id: Optional write rollback provider identifier.

Outputs

ADPlayground.Acl.AdxAclGovernedOperationResult