Ever been asked, “who has access to this folder”. Not just the groups and directly attached ACLs, but every one that can access the folder. Usually this involves bringing up a folder/share and parsing each group. Then it’s usually a bunch of excel work to remove duplicates, break apart groups, etc… Not fun.

To solve this issue, I added a tool to PowerShellCommon called Get-ADFolderACL! Let’s walk through how to use the tool and solve this problem once and for all.

The very basic usage of this tool is to simply call the function and provide a path, as follows:

 Get-ADFolderACL -Path \\Win2k16-file01.contoso.com\Folder1 

And you should see all of the groups with access to that share similar to the following:


But if we add the -recurse switch, we can get a nice output of all the users in the groups.

 Get-ADFolderACL -Path \\Win2k16-file01.contoso.com\Folder1 -Recurse 


From there, you could simply pipe to Export-CSV or Out-File and answer the question to who has access.

The tools being developed on this blog are available on the PowerShell gallery here! This means to begin using the tool set, simply run the following command to install them.

Install-Module -Name ServerAdminCommon

If you have previously installed the toolset, you can update the tools using following command:

Update-Module -Name ServerAdminCommon

As with all of the modules on this blog, you can find this tool on my github page for the ServerAdminCommon tool set


Disclaimer: All scripts and other powershell references on this blog are offered “as is” with no warranty. While these scripts are tested and working in my environment, it is recommended that you test these scripts in a test environment before using in your production environment.