How to Check Replicate Directory Changes Permission for UPS Account?

The Replicate Directory Changes permission is required for the user profile import account in SharePoint. My other article, How to grant Replicate Directory Changes permission, walks through the steps to grant it. Now the question is: how do you check whether a particular account has the Replicate Directory Changes permission?

PowerShell Script to check if the User Profile Import account has Replicate Directory Changes Permission:
Import-module activedirectory

$UserProfileAccountName = "Crescent\SP016_UPS"

Function Check-ADUserPermission(
    [System.DirectoryServices.DirectoryEntry]$entry, 
    [string]$user, 
    [string]$permission)
{
    $dse = [ADSI]"LDAP://Rootdse"
    $ext = [ADSI]("LDAP://CN=Extended-Rights," + $dse.ConfigurationNamingContext)

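    # Look up the extended right by its display name to get its rightsGuid
    $right = $ext.psbase.Children |
        ? { $_.DisplayName -eq $permission }

    if($null -ne $right)
    {
        # Only Allow ACEs granted directly to $user are matched;
        # rights held through group membership are not detected.
        $perms = $entry.psbase.ObjectSecurity.Access |
            ? { $_.IdentityReference -eq $user } |
            ? { $_.AccessControlType -eq 'Allow' } |
            ? { $_.ObjectType -eq [GUID]$right.RightsGuid.Value }

        return ($null -ne $perms)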
    }
    else
    {
        Write-Warning "Permission '$permission' not found."
        return $false
    }
}

Function Check-ReplicateChanges([string]$userName)
{
    # Globals
    $replicationPermissionName = "Replicating Directory Changes"

    # Main()
    $dse = [ADSI]"LDAP://Rootdse"

    $entries = @(
        [ADSI]("LDAP://" + $dse.defaultNamingContext),

        [ADSI]("LDAP://" + $dse.configurationNamingContext));
    Write-Host " User '$userName': "

    foreach($entry in $entries)
    {
        $result = Check-ADUserPermission $entry $userName $replicationPermissionName
        if($result)
        {
            Write-Host "   has '$replicationPermissionName' permissions on '$($entry.distinguishedName)'"
        }
        else
        {
            Write-Host "   does NOT have '$replicationPermissionName' permissions on '$($entry.distinguishedName)'"
        }
    }
}

Check-ReplicateChanges $UserProfileAccountName
Disclaimer: I'm not the author of this script! :-)
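The script above matches only ACEs that name the account itself. The following is an added example (not from the original post or from the script's author) that also resolves grants made through group membership, by comparing the account's tokenGroups SIDs with each applicable Allow ACE on both naming contexts. The function names are hypothetical, and SP016_UPS is the sample account used on this page.

```powershell
Import-Module ActiveDirectory   # provides the AD: drive, Get-ADRootDSE, Get-ADUser

# rightsGuid of "Replicating Directory Changes" (DS-Replication-Get-Changes)
$ReplChangesGuid = [Guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
$ExtendedRight   = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$InheritOnly     = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Hypothetical helper: Allow ACEs on a naming context head that convey the right,
# either by naming it or by granting all extended rights (empty ObjectType).
Function Get-ReplicateChangesAce([string]$NamingContext)
{
    (Get-Acl -Path ("AD:\" + $NamingContext)).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $ExtendedRight) -and
        -not ($_.PropagationFlags -band $InheritOnly) -and   # must apply to the head itself
        ($_.ObjectType -eq $ReplChangesGuid -or $_.ObjectType -eq [Guid]::Empty)
    }
}

# Hypothetical helper: report the ACEs that apply to the account, directly or via groups.
Function Test-ReplicateChangesEffective([string]$SamAccountName)
{
    # tokenGroups holds the SIDs of every security group of the user, nested ones included
    $user = Get-ADUser -Identity $SamAccountName -Properties tokenGroups
    $sids = @($user.SID.Value) + @($user.tokenGroups | ForEach-Object { $_.Value })

    $rootDse = Get-ADRootDSE
    foreach ($nc in $rootDse.defaultNamingContext, $rootDse.configurationNamingContext)
    {
        foreach ($ace in Get-ReplicateChangesAce $nc)
        {
            try {
                $aceSid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            }
            catch { continue }   # trustee could not be resolved to a SID; skip it

            if ($sids -contains $aceSid)
            {
                [pscustomobject]@{
                    NamingContext = $nc
                    GrantedTo     = $ace.IdentityReference.Value
                    Inherited     = $ace.IsInherited
                }
            }
        }
    }
}

Test-ReplicateChangesEffective 'SP016_UPS'
```

An empty result means no matching Allow ACE was found for the account or its groups. Deny ACEs and well-known identities that never appear in tokenGroups (such as Authenticated Users) are not evaluated.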
Reviewed by Salaudeen Rajack on February 06, 2016
