I'm new to PowerShell and haven't done any sort of programming for a number of years.
I have several user accounts and global groups that are changing domains, and I'm trying to devise a way to go through all my file shares and add/delete/replace specific old accounts with the new ones. NTFS permissions are not an issue; share permissions are all that need to be changed in my environment.
The script below currently exports the share info properly, and I'm trying to extend this same script to make my changes to the shares. Any help at all with the block-commented section is appreciated.
###
# ChangeSharePermissions.ps1
# Base script of exportshareinfo.ps1 from http://mow001.blogspot.com/2006/05/powershell-export-shares-and-security.html
# username is used to find SID when the import is run
###
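# Timestamps captured once at start-up. Neither value is referenced again in
# this script as posted.
$date = Get-Date
$datefile = Get-Date -UFormat '%m-%d-%Y-%H%M%S'

# List of servers to get share info from, one server name per line.
# NOTE(review): this list decides which hosts the script connects to, and the
# planned change step (the block-commented section inside Get-ShareInfo) would
# alter share ACLs on every host named here. Write access to the list, the
# output folder and the script itself should be restricted to the admins who
# are allowed to run it.
# (A space is required between Get-Content and the quoted path.)
Get-Content '\\dfsn.exampledomain.com\root\Scripts\Powershell\ChangeSharePermissions-serverlist.txt' | ForEach-Object {
# Trim stray whitespace and skip blank lines, which would otherwise produce a
# WMI path with no host and an output file named just '.csv'.
$fileserver = $_.Trim()
if (-not $fileserver) {
    return   # inside ForEach-Object, 'return' moves on to the next line of the list
}
Write-Host "Processing: " $fileserver -ForegroundColor Yellow

# Export to a separate folder with the filename based on the server name (1 file per server)
$filename = '\\dfsn.exampledomain.com\root\Scripts\Powershell\ChangeSharePermissions-Output\' + $fileserver + '.csv'
Write-Host "Saving into: " $filename

# Shares whose security info can't be found are stored in this hash table
# (note: doesn't log if the failure is due to inability to connect to the server).
# Re-created per server, so it only ever holds the current server's failures.
$ProblemShares = @{}

# The meat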
# Get-ShareInfo: reads the share-level security descriptor of every share passed
# in and returns one row per DACL entry.
#
# Parameters:
#   $shares - the share objects to inspect; .name, .Path and .Description are read.
# Reads from the calling scope (not passed as parameters):
#   $fileServer    - host name used to build the WMI path
#   $ProblemShares - hash table that receives shares whose descriptor could not be read
# Returns:
#   an array of objects with Name, Path, Description, AccessMask, AceFlags,
#   AceType, User and Domain.
Function Get-ShareInfo($shares) {
    $arrShareInfo = @()
    Foreach ($share in $shares) {
        # Errors raised while querying a share are suppressed here so that one bad
        # share does not stop the export; failures surface only as $null results
        # below. NOTE(review): this also hides access-denied and connectivity
        # errors - consider logging the error inside the trap before continuing.
        trap{continue;}
        write-host $share.name
        # WMI object path of this share's security setting on the target server.
        # NOTE(review): the share name is placed between single quotes as-is; a
        # share name containing a quote would presumably break the path - confirm.
        $strWMI = "\\" + $fileServer +"\root\cimv2:win32_LogicalShareSecuritySetting.Name='" + $share.name + "'"
        $objWMI_ThisShareSec = $null
        $objWMI_ThisShareSec = [wmi]$strWMI
        # In case the WMI query or 'GetSecurityDescriptor' fails, we retry a few times
        # (up to 5 more attempts, 200 ms apart) before adding to 'problem shares'
        For($i=0;($i -lt 5) -and ($objWMI_ThisShareSec -eq $null);$i++) {
            sleep -milliseconds 200
            $objWMI_ThisShareSec = [wmi]$strWMI
        }
        $objWMI_SD = $null
        # If the setting object is still $null at this point the call below fails;
        # presumably the trap absorbs that and $objWMI_SD stays $null - confirm.
        $objWMI_SD = $objWMI_ThisShareSec.invokeMethod('GetSecurityDescriptor',$null,$null)
        For($j=0;($j -lt 5) -and ($objWMI_SD -eq $null);$j++) {
            sleep -milliseconds 200
            $objWMI_SD = $objWMI_ThisShareSec.invokeMethod('GetSecurityDescriptor',$null,$null)
        }
        If($objWMI_SD -ne $null) {
            # One output row per ACE in the share's DACL, flattened together with
            # the share's own name, path and description.
            $arrShareInfo += $objWMI_SD.Descriptor.DACL | % {
                $_ | select @{e={$share.name};n='Name'},
                @{e={$share.Path};n='Path'},
                @{e={$share.Description};n='Description'},
                AccessMask,
                AceFlags,
                AceType,
                @{e={$_.trustee.Name};n='User'},
                @{e={$_.trustee.Domain};n='Domain'}
            } #end array stuffing
        } #end check for null share
        Else {
            $ProblemShares.Add($share.name, "failed to find security info")
        }
        #################################### H E L P ##############################################
        ## code for changing share permissions here.. before ending the foreach() share loop
        #
        # Review notes on the sketch below (the sketch itself is still not executable):
        #  - Use one variable name throughout. The original sketch mixed $typeofchange
        #    with $todo and $user with $olduser, and wrote 'share$' / 'user$' where
        #    $share.name and $user are presumably meant.
        #  - 'swap' has to run BOTH steps. With 'if ... else if' the revoke branch is
        #    never reached for swap, so the old account would keep its access.
        #    Use two independent 'if' tests, grant first and revoke second.
        #  - Share access masks: 1179817 = Read, 1245631 = Change, 2032127 = Full.
        #    (The original note said 203127 for Full, which is missing a digit.)
        #    Any other mask should be logged and skipped rather than guessed at.
        #  - Only copy allow entries (AceType 0). A deny entry (AceType 1) must not be
        #    turned into a grant; Block-SmbShareAccess is the cmdlet for deny entries.
        #  - -CimSession accepts a computer name, so no session has to be opened and
        #    closed by hand. -Force suppresses the confirmation prompt; run with
        #    -WhatIf first. The SMB cmdlets have to be available for the target
        #    server (Windows Server 2012 or later, as far as I know) - confirm per host.
        #  - Do the change only after this share's export succeeded, keep the exported
        #    CSV as the record of the previous state, and log every grant/revoke.
        #
        <# read csv with fields: domain,user,newdomain,newuser,typeofchange
        and assign:
        $domain='mydomain'
        $user='User1'
        $newdomain='myNewDomain'
        $newuser='NewUser1'
        $typeofchange=<add/remove/swap>
        for each ACE of this share where Domain = $domain and User = $user and AceType = 0 {
        #NOTE-- convert accessmask 1179817 to Read, 1245631 to Change and 2032127 to Full and store in $AccessMaskInfo before running the grant command!
        if $typeofchange=add or $typeofchange=swap then {
        Grant-SmbShareAccess -CimSession $fileserver -Name $share.name -AccountName "$newdomain\$newuser" -AccessRight $AccessMaskInfo -Force
        }
        if $typeofchange=remove or $typeofchange=swap then {
        Revoke-SmbShareAccess -CimSession $fileserver -Name $share.name -AccountName "$domain\$user" -Force
        }
        } #>
        ##
        ###
        ##############################################################################################
    }
    return $arrshareInfo
}
# end function (Get-ShareInfo)
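Write-Host "Processing Host: $fileserver" -ForegroundColor yellow

# Get shares (Type 0 is "Normal" shares).
# (A space is required between -Filter and its quoted value.)
$shares = Get-WmiObject Win32_Share -ComputerName $fileServer -Filter 'type=0'
$ShareInfo = Get-ShareInfo $shares

# Export & filter out usernames of "system" and "administrators".
# The filter compares the User column only, so a trustee with either name is
# dropped whatever its Domain value is.
# Get-ShareInfo does not produce a 'dfsntodo' property, so that column is written
# empty - presumably a placeholder for the planned change per row.
Write-Host "Exporting to CSV" -ForegroundColor yellow
$ShareInfo |
    Select-Object Name,Path,Description,User,Domain,AccessMask,AceFlags,AceType,dfsntodo |
    Where-Object { $_.User -ne 'system' -and $_.User -ne 'administrators' } |
    Export-Csv -NoTypeInformation $filename
Write-Host "Output saved as: $filename" -ForegroundColor Cyan

# Shares whose security descriptor could not be read on this server.
If ($ProblemShares.Count -ge 1) {
    Write-Host "These Shares Failed to Export:"
}
$ProblemShares

### Start search proof
## (that I can locate a specific account on any of the specified servers)
$oldname = 'joeuser'
$domain = 'mydomain'
Write-Host "search results:"
$ShareInfo |
    Select-Object Name,Path,Description,User,Domain,AccessMask,dfsntodo |
    Where-Object { $_.Domain -eq $domain -and $_.User -eq $oldname }
##
### end search proof

# Closes the ForEach-Object script block opened on the Get-Content line; the
# posted script never closed it, so it could not be parsed as written.
}
# end serverlist get-content
Write-Host "-DONE-" -ForegroundColor Red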
### EOF ###