
 

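Function Get-File($initialDirectory)
{
    <#
    .SYNOPSIS
    Shows a Windows Forms "Open File" dialog (filtered to *.txt) and returns the selection.

    .PARAMETER initialDirectory
    Folder the dialog should open in. When omitted (the only way the script below calls
    this), the literal "MyComputer" is used as before; that is not a real path, so the
    dialog appears to fall back to its own default location — confirm if relying on it.

    .OUTPUTS
    Hashtable with two keys:
      File  - full path of the chosen file; empty string if the dialog was cancelled
      SFile - the chosen file's name without its extension (empty if cancelled)
    #>
    [hashtable]$return = @{}
    Add-Type -AssemblyName System.Windows.Forms
    $dialog = New-Object System.Windows.Forms.OpenFileDialog
    If ($initialDirectory) {
        $dialog.InitialDirectory = $initialDirectory
    } Else {
        $dialog.InitialDirectory = "MyComputer"
    }
    $dialog.Filter = "TXT (*.txt) | *.txt"
    $dialog.ShowDialog() | Out-Null
    $return.File = $dialog.FileName
    # Strip the real extension rather than blindly removing the last four characters,
    # which was only correct for ".txt" names.
    $return.SFile = [System.IO.Path]::GetFileNameWithoutExtension($dialog.SafeFileName)

    return $return
}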

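Function Set-Owner {
<#
.SYNOPSIS
Changes owner of a file or folder to another user or group.

.DESCRIPTION
Changes owner of a file or folder to another user or group.

To do this without holding NTFS permissions on the target, the Begin block enables
SeRestorePrivilege, SeBackupPrivilege and SeTakeOwnershipPrivilege on the current
process token, and the End block disables all three again. Enabling only switches on
privileges the token already holds, so the caller must run elevated; if a privilege
cannot be enabled a warning is written and ownership changes will probably fail.
While enabled the privileges are process-wide (any other code in this PowerShell
process has them too), and End does not run if the pipeline is aborted.

If setting the owner fails, the function adds an inherit-only FullControl ACE for
Builtin\Administrators to the item's parent folder and retries once. That is a
side effect on the parent's DACL.

.PARAMETER Path
The folder or file that will have the owner changed.

.PARAMETER Account
Optional parameter to change owner of a file or folder to specified account.
The account is resolved to a SID once in Begin; an account that cannot be resolved
is a terminating error before anything is touched.

Default value is 'Builtin\Administrators'

.PARAMETER Recurse
Recursively set ownership on subfolders and files beneath given folder.

.NOTES
Name: Set-Owner
Author: Boe Prox
Version History:
1.0 - Boe Prox
- Initial Version
1.1 - Review
- End block disables every privilege that Begin enabled (SeTakeOwnershipPrivilege
  was left enabled; SeCreateTokenPrivilege, which was never enabled, was disabled)
- Fallback keeps the parent folder's existing explicit ACEs instead of writing a
  DACL that contains only the Administrators rule
- Recursion uses -LiteralPath so names containing wildcard characters work
- Token handle is closed; AdjustTokenPrivileges result is checked for
  ERROR_NOT_ALL_ASSIGNED
- Account resolved once up front; dead commented-out code removed

.EXAMPLE
Set-Owner -Path C:\temp\test.txt

Description
-----------
Changes the owner of test.txt to Builtin\Administrators

.EXAMPLE
Set-Owner -Path C:\temp\test.txt -Account 'Domain\bprox'

Description
-----------
Changes the owner of test.txt to Domain\bprox

.EXAMPLE
Set-Owner -Path C:\temp -Recurse

Description
-----------
Changes the owner of all files and folders under C:\Temp to Builtin\Administrators

.EXAMPLE
Get-ChildItem C:\Temp | Set-Owner -Recurse -Account 'Domain\bprox'

Description
-----------
Changes the owner of all files and folders under C:\Temp to Domain\bprox
#>
[cmdletbinding(
    SupportsShouldProcess = $True
)]
Param (
    [parameter(ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True)]
    [Alias('FullName')]
    [string[]]$Path,
    [parameter()]
    [string]$Account = 'Builtin\Administrators',
    [parameter()]
    [switch]$Recurse
)
Begin {
    #Prevent Confirmation on each Write-Debug command when using -Debug
    If ($PSBoundParameters['Debug']) {
        $DebugPreference = 'Continue'
    }

    # Resolve the requested owner once. SetOwner() would translate the NTAccount
    # to a SID on every item anyway; doing it here fails fast with a clear error
    # before any privilege is enabled or any ACL is written.
    $OwnerSid = ([System.Security.Principal.NTAccount]$Account).Translate([System.Security.Principal.SecurityIdentifier])

    # Adds an inherit-only FullControl ACE for Builtin\Administrators to the
    # given folder. Starts from the folder's current DACL so its existing explicit
    # entries are kept; persisting a freshly constructed DirectorySecurity that
    # holds only the new rule would write a DACL containing just that rule.
    Function Grant-AdminInheritOnlyFullControl ([System.IO.DirectoryInfo]$Directory) {
        $ParentAcl = $Directory.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)
        $AdminRule = New-Object System.Security.AccessControl.FileSystemAccessRule('Builtin\Administrators','FullControl','ContainerInherit,ObjectInherit','InheritOnly','Allow')
        $ParentAcl.AddAccessRule($AdminRule)
        $Directory.SetAccessControl($ParentAcl)
    }

    # Add-Type cannot redefine a type already loaded in this session, so the class
    # is compiled only if [TokenAdjuster] is not yet present. A session that loaded
    # an older TokenAdjuster keeps using it; the public AddPrivilege/RemovePrivilege
    # interface is unchanged so the script still works either way.
    Try {
        [void][TokenAdjuster]
    } Catch {
        # Single-quoted here-string: nothing inside is subject to PowerShell expansion.
        $AdjustTokenPrivileges = @'
using System;
using System.Runtime.InteropServices;

public class TokenAdjuster
{
    [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
    [DllImport("kernel32.dll", ExactSpelling = true)]
    internal static extern IntPtr GetCurrentProcess();
    [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
    [DllImport("advapi32.dll", SetLastError = true)]
    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
    [DllImport("kernel32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool CloseHandle(IntPtr h);

    // TOKEN_PRIVILEGES with a single LUID_AND_ATTRIBUTES entry; Pack = 1 gives the
    // 16-byte layout the native structure has.
    [StructLayout(LayoutKind.Sequential, Pack = 1)]
    internal struct TokPriv1Luid
    {
        public int Count;
        public long Luid;
        public int Attr;
    }

    internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
    internal const int TOKEN_QUERY = 0x00000008;
    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
    internal const int ERROR_NOT_ALL_ASSIGNED = 1300;

    // Sets the named privilege on the current process token to the given attribute
    // (enabled or disabled). Returns false if the token cannot be opened, the
    // privilege name is unknown, the adjustment call fails, or the token does not
    // hold the privilege at all - AdjustTokenPrivileges returns true in that last
    // case and signals it only through ERROR_NOT_ALL_ASSIGNED.
    private static bool SetPrivilege(string privilege, int attr)
    {
        IntPtr htok = IntPtr.Zero;
        try
        {
            if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok))
            {
                return false;
            }
            TokPriv1Luid tp;
            tp.Count = 1;
            tp.Luid = 0;
            tp.Attr = attr;
            if (!LookupPrivilegeValue(null, privilege, ref tp.Luid))
            {
                return false;
            }
            if (!AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero))
            {
                return false;
            }
            return Marshal.GetLastWin32Error() != ERROR_NOT_ALL_ASSIGNED;
        }
        finally
        {
            if (htok != IntPtr.Zero)
            {
                CloseHandle(htok);
            }
        }
    }

    // Enables a privilege the token already holds. Does not grant new privileges.
    public static bool AddPrivilege(string privilege)
    {
        return SetPrivilege(privilege, SE_PRIVILEGE_ENABLED);
    }

    // Disables a previously enabled privilege.
    public static bool RemovePrivilege(string privilege)
    {
        return SetPrivilege(privilege, SE_PRIVILEGE_DISABLED);
    }
}
'@

        Add-Type $AdjustTokenPrivileges
    }

    #Activate necessary admin privileges to make changes without NTFS perms.
    #The same list is used by End to switch them off again.
    $Privileges = @(
        'SeRestorePrivilege',       #Necessary to set Owner Permissions
        'SeBackupPrivilege',        #Necessary to bypass Traverse Checking
        'SeTakeOwnershipPrivilege'  #Necessary to override FilePermissions
    )
    ForEach ($Privilege in $Privileges) {
        If (-NOT [TokenAdjuster]::AddPrivilege($Privilege)) {
            Write-Warning "Could not enable $Privilege on the current process token (run elevated?); ownership changes may fail."
        }
    }
}
Process {
    ForEach ($Item in $Path) {
        Write-Verbose "FullName: $Item"
        Try {
            $Item = Get-Item -LiteralPath $Item -Force -ErrorAction Stop
            If (-NOT $Item.PSIsContainer) {
                If ($PSCmdlet.ShouldProcess($Item, 'Set File Owner')) {
                    #The ACL objects do not like being used more than once, so create a fresh one per item
                    $FileOwner = New-Object System.Security.AccessControl.FileSecurity
                    $FileOwner.SetOwner($OwnerSid)
                    Try {
                        $Item.SetAccessControl($FileOwner)
                    } Catch {
                        # Fallback: give Administrators inheritable FullControl on the
                        # containing folder, then retry. A failure here propagates to
                        # the outer Catch and is reported as a warning.
                        Write-Warning "Couldn't take ownership of $($Item.FullName)! Taking FullControl of $($Item.Directory.FullName)"
                        Grant-AdminInheritOnlyFullControl -Directory $Item.Directory
                        $Item.SetAccessControl($FileOwner)
                    }
                }
            } Else {
                If ($PSCmdlet.ShouldProcess($Item, 'Set Directory Owner')) {
                    $DirOwner = New-Object System.Security.AccessControl.DirectorySecurity
                    $DirOwner.SetOwner($OwnerSid)
                    Try {
                        $Item.SetAccessControl($DirOwner)
                    } Catch {
                        Write-Warning "Couldn't take ownership of $($Item.FullName)! Taking FullControl of $($Item.Parent.FullName)"
                        Grant-AdminInheritOnlyFullControl -Directory $Item.Parent
                        $Item.SetAccessControl($DirOwner)
                    }
                }
                If ($Recurse) {
                    # Re-invoke with the same switches (-Account, -Recurse, -WhatIf, ...)
                    # for each child; -LiteralPath so '[' or ']' in a folder name is
                    # not treated as a wildcard.
                    [void]$PSBoundParameters.Remove('Path')
                    Get-ChildItem -LiteralPath $Item.FullName -Force | Set-Owner @PSBoundParameters
                }
            }
        } Catch {
            Write-Warning "$($Item): $($_.Exception.Message)"
        }
    }
}
End {
    #Disable every privilege that Begin enabled, SeTakeOwnershipPrivilege included.
    ForEach ($Privilege in $Privileges) {
        [void][TokenAdjuster]::RemovePrivilege($Privilege)
    }
}
}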

 


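#MAIN
# For every username listed in a chosen text file: verify the user exists in AD,
# make that user the owner of everything under the user's roaming profile folder
# (<share>\<user>.V2), then re-enable ACL inheritance on the folder and on
# sub-folders up to two levels deep. Progress and failures are echoed and
# appended to $OutFile.
cls
$OutFile = "C:\temp\output.log"
$ProfileShare = "\\Prod.mgnx.cloud\Magnoxusers\UserProfiles"
$AdDomain = "prod.mgnx.cloud"
#Import-Module ServerManager
#Add-WindowsFeature RSAT-AD-PowerShell
import-module activedirectory

# Echo a message to the console (red when -IsError) and append it to $OutFile.
Function Write-Log ([string]$Message, [switch]$IsError) {
    If ($IsError) {
        write-host $Message -ForegroundColor Red
    } Else {
        write-host $Message
    }
    Write-Output $Message | Out-File -FilePath $OutFile -append
}

$getfolder = Get-File
If (-NOT $getfolder.File) {
    # Dialog cancelled: Get-Content '' would fail, so stop here.
    Write-Warning "No input file selected; nothing to do."
    return
}
# One username per line. Trim and drop blank lines so a trailing newline does
# not become a username of ''.
$folders = Get-Content $getfolder.File | ForEach-Object { $_.Trim() } | Where-Object { $_ }

Foreach ($username in $folders)
{
    # The name is used both to build a UNC path and inside an LDAP filter. Reject
    # anything that is not a legal sAMAccountName (the illegal set includes the path
    # separators and the LDAP wildcard '*'), and escape the remaining LDAP-significant
    # characters '(' and ')' so a malformed line cannot change the filter.
    If ($username -match '["/\\\[\]:;|=,+*?<>]') {
        Write-Log ("Skipping invalid username '" + $username + "' from input file") -IsError
        continue
    }
    $ldapName = $username -replace '\(', '\28' -replace '\)', '\29'

    $folder = Join-Path $ProfileShare ($username + ".V2")
    $owner = $username + "@" + $AdDomain
    $user1 = Get-ADUser -LDAPFilter "(&(objectCategory=User)(sAMAccountName=$ldapName))" -server $AdDomain
    If ($user1)
    {
        Write-Log ("Procesing " + $folder)
        # NOTE(review): this sets the owner of the folder's children; the .V2 folder
        # itself keeps its current owner. Confirm that is intended.
        Get-ChildItem -LiteralPath $folder | Set-Owner -Recurse -Account $owner
        # SetAccessRuleProtection($false, ...) switches inheritance back on; the
        # second argument only matters when protecting, so existing ACEs are kept.
        $acl = Get-ACL -LiteralPath $folder
        $acl.SetAccessRuleProtection($False, $True)
        Set-Acl -LiteralPath $folder -AclObject $acl
        $Sub = Get-ChildItem -LiteralPath $folder -Recurse -Depth 2 -Directory -Force -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty FullName
        Foreach ($item in $Sub)
        {
            $acl2 = Get-ACL -LiteralPath $item
            $acl2.SetAccessRuleProtection($False, $True)
            Set-Acl -LiteralPath $item -AclObject $acl2
        }
    }
    Else
    {
        Write-Log ("Cannot process " + $folder + " as the user " + $owner + " is not in AD") -IsError
    }
}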