HarmJ0y/GPO_ACL.ps1 Secret

## GPO_ACL.ps1
Get-DomainObjectAcl -Domain 'dev.testlab.local' -LDAPFilter '(objectCategory=groupPolicyContainer)' -ResolveGUIDs | ? {
    ($_.SecurityIdentifier -match '^S-1-5-.*-[1-9]\d{3,}$') -and `
    ($_.ActiveDirectoryRights -match 'WriteProperty|GenericAll|GenericWrite|WriteDacl|WriteOwner')
} | % {
    $PrincipalDN = Convert-ADName $_.SecurityIdentifier -OutputType DN
    New-Object PSObject -Property @{'ObjectDN'=$_.ObjectDN ; 'PrincipalSID'=$_.SecurityIdentifier; 'PrincipalDN'=$PrincipalDN }
} | fl
	Get-DomainObjectAcl -Domain 'dev.testlab.local' -LDAPFilter '(objectCategory=groupPolicyContainer)' -ResolveGUIDs \| ? {
	($_.SecurityIdentifier -match '^S-1-5-.*-[1-9]\d{3,}$') -and `
	($_.ActiveDirectoryRights -match 'WriteProperty\|GenericAll\|GenericWrite\|WriteDacl\|WriteOwner')
	} \| % {
	$PrincipalDN = Convert-ADName $_.SecurityIdentifier -OutputType DN
	New-Object PSObject -Property @{'ObjectDN'=$_.ObjectDN ; 'PrincipalSID'=$_.SecurityIdentifier; 'PrincipalDN'=$PrincipalDN }
	} \| fl