Copy AD ACL's for one principal to another principal

Copy-AdAcl.ps1

#
# Copy AD ACL Rules
#
param
(
$adPath,
$secPrincipal,
$newPrincipal
)

$Permissions = ([adsi]$adPath).ObjectSecurity;
if ($Permissions)
{
    $Rules = $Permissions.Access |Where-Object -Property IdentityReference -eq $secPrincipal;
    $IdentityReference = New-Object System.Security.Principal.NTAccount($newPrincipal);
    $NewRules = @()

    foreach ($Rule in $Rules)
    {
        $NewRule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
            $IdentityReference,
            $Rule.ActiveDirectoryRights,
            $Rule.AccessControlType,
            $Rule.ObjectType,
            $Rule.InheritanceType,
            $Rule.InheritedObjectType);
        $NewRules += $NewRule;
        $Permissions.SetAccessRule($NewRule);
        }
    }
    
    return $NewRules;
else
{
    Write-Host "No permissions returned from $($adPath), please verify that you have typed the path in properly";
    }

Usage is pretty straightforward

copy-adacl.ps1 -adpath "LDAP://cn=thing,ou=folder,dc=company,dc=com" -secPrincipal "company\admin" -NewPrincipal "company\otheradmin"

Relevant links
http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.directoryobjectsecurity.setaccessrule(v=vs.110).aspx

http://msdn.microsoft.com/en-us/library/31k4bah1(v=vs.110).aspx

http://msdn.microsoft.com/en-us/library/w72e8e69(v=vs.110).aspx