Saturday, February 6, 2016

How to Check Replicate Directory Changes Permission for UPS Account

The Replicate Directory Changes permission is required for the user profile import account in SharePoint. My other article, How to grant Replicate Directory Changes permission, walks through the steps to grant it. Now the question is: how do you check whether a particular account has the Replicate Directory Changes permission?

PowerShell Script to check if the User Profile Import account has Replicate Directory Changes Permission:

Import-module activedirectory

$UserProfileAccountName = "Crescent\SP016_UPS"

Function Check-ADUserPermission(
    [System.DirectoryServices.DirectoryEntry]$entry, 
    [string]$user, 
    [string]$permission)
{
    $dse = [ADSI]"LDAP://Rootdse"
    $ext = [ADSI]("LDAP://CN=Extended-Rights," + $dse.ConfigurationNamingContext)

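    # Look up the extended right by its display name to get its rightsGuid
    $right = $ext.psbase.Children |
        ? { $_.DisplayName -eq $permission }

    if($null -ne $right)
    {
        # Match Allow ACEs granted directly to $user for this right
        # (rights obtained through group membership are not detected)
        $perms = $entry.psbase.ObjectSecurity.Access |
            ? { $_.IdentityReference -eq $user } |
            ? { $_.AccessControlType -eq 'Allow' } |
            ? { $_.ObjectType -eq [GUID]$right.RightsGuid.Value }

        return ($null -ne $perms)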
    }
    else
    {
        Write-Warning "Permission '$permission' not found."
        return $false
    }
}

Function Check-ReplicateChanges([string]$userName)
{
    # Globals
    $replicationPermissionName = "Replicating Directory Changes"

    # Main()
    $dse = [ADSI]"LDAP://Rootdse"

    $entries = @(
        [ADSI]("LDAP://" + $dse.defaultNamingContext),
        [ADSI]("LDAP://" + $dse.configurationNamingContext))
    Write-Host " User '$userName': "

    foreach($entry in $entries)
    {
        $result = Check-ADUserPermission $entry $userName $replicationPermissionName
        if($result)
        {
            Write-Host "   has '$replicationPermissionName' permissions on '$($entry.distinguishedName)'"
        }
        else
        {
            Write-Host "   does NOT have '$replicationPermissionName' permissions on '$($entry.distinguishedName)'"
        }
    }
}

Check-ReplicateChanges $UserProfileAccountName
Disclaimer: I'm not the author of this script! :-)
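
The script above matches only ACEs that name the account itself and looks the right up by display name. The following added example (not part of the original script) lists every trustee holding the right on both naming contexts, matching on the well-known rightsGuid of "Replicating Directory Changes", so a grant that reaches the account through a group is visible too. The function name Get-ReplicateChangesTrustee is hypothetical.

```powershell
# Added example, not part of the original script.
# rightsGuid of the "Replicating Directory Changes" extended right
# (DS-Replication-Get-Changes); the same in every forest and locale.
$ReplChangesGuid = [Guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'

# Hypothetical helper: one output object per ACE that grants or denies the right.
Function Get-ReplicateChangesTrustee([string]$DistinguishedName)
{
    $entry = [ADSI]("LDAP://" + $DistinguishedName)
    $extendedRight = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

    # Explicit and inherited ACEs, trustees resolved to DOMAIN\name form.
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules(
        $true, $true, [System.Security.Principal.NTAccount])

    foreach ($ace in $rules)
    {
        # Skip ACEs that carry no extended-right bit (GenericAll includes it).
        if (([int]$ace.ActiveDirectoryRights -band $extendedRight) -eq 0) { continue }

        # Keep ACEs naming this right, or naming none (empty GUID = all extended rights).
        $allRights = ($ace.ObjectType -eq [Guid]::Empty)
        if (-not $allRights -and $ace.ObjectType -ne $ReplChangesGuid) { continue }

        [PSCustomObject]@{
            NamingContext = $DistinguishedName
            Trustee       = $ace.IdentityReference.Value
            Type          = $ace.AccessControlType      # Allow or Deny
            Scope         = if ($allRights) { 'All extended rights' } else { 'Replicating Directory Changes' }
            Inherited     = $ace.IsInherited
        }
    }
}

$dse = [ADSI]"LDAP://RootDSE"
$contexts = @([string]$dse.defaultNamingContext, [string]$dse.configurationNamingContext)

$contexts |
    ForEach-Object { Get-ReplicateChangesTrustee $_ } |
    Sort-Object NamingContext, Trustee |
    Format-Table -AutoSize
```

The import account holds the permission if it, or a group it belongs to, appears with Type Allow and no matching Deny entry; any trustee in the output that should not be replicating directory data is worth reviewing.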


