Today I am going to share a small but very useful script to change the ownership of a list of Windows directories / CIFS using PowerShell. As Windows system administrators, we often find ourselves unable to access or change NTFS permissions on directories. We then update or take ownership of those problematic directories so that the permissions can be set properly.
Updating ownership manually is very tedious work, especially when you have to do it on a long list of directories. A quick script is very handy in such a situation.
The script I am sharing today takes a few inputs from the user: a source text file containing the list of directories whose ownership should change, and the user id of the Active Directory user in Domain\UserId format. The script creates two CSV files with ownership information, one from before and one from after the script run.
Make sure you are in the source directory where you would like to apply this change.
With that, let's start writing the script. First, define and assign the required variables:
$currentDir = $(Get-Location).Path # Current working directory. Ideally the location of the file containing the list of folders
$iFile = "$($currentDir)\AllDirs.txt" # Source file containing the list of folders to change ownership on
$oFile1 = "$($currentDir)\Before_Change.csv" # Log of ownership information before making changes
$oFile2 = "$($currentDir)\After_Change.csv" # Log of ownership information after making changes
$newOwnerId = "<domain>\<userid>" # Example: ABC\123456, where ABC is the domain short name and 123456 is the user id
Now, let's check whether the provided file exists at that path. If it does not, we exit. If the file path is valid and the file is accessible, we proceed with the main script, where ownership is changed to the provided user id:
# Test-Path must be wrapped in parentheses so that ! negates its result
if(!(Test-Path $iFile)){
    Write-Error "Please check the input file path and try again!"
    Exit
}
else{
    # Start both reports from scratch and write the CSV header
    if(Test-Path $oFile1){Remove-Item $oFile1 -Force}
    "Folder Path,Owner" | Out-File $oFile1 -Append -Encoding ASCII
    if(Test-Path $oFile2){Remove-Item $oFile2 -Force}
    "Folder Path,Owner" | Out-File $oFile2 -Append -Encoding ASCII
    ForEach($f in Get-Content $iFile){
        $acl = $acl1 = $owner = ""
        # Record the current owner before changing anything
        $acl = Get-Acl (Get-Item $f).FullName
        $owner = $acl.Owner
        "$f,$owner" | Out-File $oFile1 -Append -Encoding ASCII
        # Set the new owner on the ACL object and write it back to the folder
        $acl.SetOwner([System.Security.Principal.NTAccount] $newOwnerId)
        Set-Acl (Get-Item $f).FullName $acl
        # Read the ACL again and record the owner after the change
        $acl1 = Get-Acl $f
        $owner = $acl1.Owner
        "$f,$owner" | Out-File $oFile2 -Append -Encoding ASCII
    }
}
That's it! Here I am passing the input values directly in the script. This is not a good approach. You can use parameters and pass those values through them instead. Feel free to change the script accordingly. Let me know if you face any issue converting this script to support parameters!
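One way to do the parameter conversion suggested above, as an added example that is not the author's script. The parameter names InputFile, NewOwnerId and OutputDir are assumptions made here; the version also resolves the account before touching any ACL, skips folders that fail instead of aborting, and supports -WhatIf.

```powershell
# Added example: parameterized variant of the page's script (not the author's code).
# Parameter names InputFile, NewOwnerId and OutputDir are assumptions made here.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)]
    [ValidateScript({ Test-Path -LiteralPath $_ -PathType Leaf })]
    [string]$InputFile,

    [Parameter(Mandatory)]
    [ValidatePattern('^[^\\]+\\[^\\]+$')]   # Domain\UserId
    [string]$NewOwnerId,

    [string]$OutputDir = (Get-Location).Path
)

# Resolve the account to a SID first, so a mistyped id stops the run
# before any ACL is modified.
$account = [System.Security.Principal.NTAccount]$NewOwnerId
try { $null = $account.Translate([System.Security.Principal.SecurityIdentifier]) }
catch { throw "Cannot resolve '$NewOwnerId': $($_.Exception.Message)" }

$before = New-Object 'System.Collections.Generic.List[object]'
$after  = New-Object 'System.Collections.Generic.List[object]'

foreach ($f in (Get-Content -LiteralPath $InputFile | Where-Object { $_.Trim() })) {
    try {
        $path = (Get-Item -LiteralPath $f -ErrorAction Stop).FullName
        $acl  = Get-Acl -LiteralPath $path -ErrorAction Stop
        $before.Add([pscustomobject]@{ 'Folder Path' = $path; Owner = $acl.Owner })

        if ($PSCmdlet.ShouldProcess($path, "Set owner to $NewOwnerId")) {
            $acl.SetOwner($account)
            Set-Acl -LiteralPath $path -AclObject $acl -ErrorAction Stop
        }
        $owner = (Get-Acl -LiteralPath $path -ErrorAction Stop).Owner
        $after.Add([pscustomobject]@{ 'Folder Path' = $path; Owner = $owner })
    }
    catch {
        # One unreadable or missing folder must not abort the whole batch.
        Write-Warning "Skipped '$f': $($_.Exception.Message)"
    }
}

# Export-Csv quotes fields, so folder names containing commas stay in one column.
# WhatIf = $false keeps the reports even during a -WhatIf dry run.
$csv = @{ NoTypeInformation = $true; Encoding = 'UTF8'; WhatIf = $false }
$before | Export-Csv -LiteralPath (Join-Path $OutputDir 'Before_Change.csv') @csv
$after  | Export-Csv -LiteralPath (Join-Path $OutputDir 'After_Change.csv')  @csv
```

Saved under a hypothetical name such as Set-FolderOwner.ps1, it can be run with -WhatIf first to produce both reports without changing any owner.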