Created a R/RW/L SG for root folders in a share

$folders = get-childitem -directory -path "\\Server\share"



ForEach ($name in $folders)
{

$ns = $name.name -replace ' ','.'
#write-host "Grant Read/Write access to '$($name.FullName)' This is a SN Group only"
#Write-host "sg.ag.$($ns).RW"

#Read/Write Groups
#New-ADGroup -server "ral1-dc01" -DisplayName "sg.ag.$($ns).RW" -Name "sg.ag.$($ns).RW"  -Description "Grant Read/Write access to '$($name.FullName)' This is a SN Group only" -GroupScope Universal -Path "OU=ServiceNow,OU=File Groups,OU=Security Groups,DC=trialcard,DC=com"

#Read Groups
New-ADGroup -server "ral1-dc01" -DisplayName "sg.ag.$($ns).R" -Name "sg.ag.$($ns).R"  -Description "Grant Read Only access to '$($name.FullName)' This is a SN Group only" -GroupScope Universal -Path "OU=ServiceNow,OU=File Groups,OU=Security Groups,DC=trialcard,DC=com"

#List Groups
New-ADGroup -server "ral1-dc01" -DisplayName "sg.ag.$($ns).L" -Name "sg.ag.$($ns).L"  -Description "Grant List access to '$($name.FullName)' This is a SN Group only" -GroupScope Universal -Path "OU=ServiceNow,OU=File Groups,OU=Security Groups,DC=trialcard,DC=com"
$users = Get-Content c:\scripts\list.txt 

ForEach($userlist in $users)
{
$user = Get-ADUser $userlist
    $dn= [ADSI](“LDAP://” + $user)
    $acl= $dn.psbase.objectSecurity
    if ($acl.get_AreAccessRulesProtected())
    {
        $isProtected = $false # $false to enable inheritance
                              # $true to disable inheritance
        $preserveInheritance = $true # $true to keep inherited access rules
                                     # $false to remove inherited access rules.
                                     # ignored if isProtected=$false
        $acl.SetAccessRuleProtection($isProtected, $preserveInheritance)
        $dn.psbase.commitchanges()
        Write-Host($user.SamAccountName + "|" + `
                   $user.DistinguishedName + `
                   "|inheritance set to enabled")
    }
    else
    {
        write-host($user.SamAccountName + "|" + `
                   $user.DistinguishedName + `
                   "|inheritance was already enabled - no change")
    }
}

 $AllFolders = Get-ChildItem -Directory -Path "\\server\Share$\" -Force -depth 3
$Results = @()
Foreach ($Folder in $AllFolders) {
$Acl = Get-Acl -Path $Folder.FullName
foreach ($Access in $acl.Access) {
if ($Access.IdentityReference -notlike "BUILTIN\Administrators" -and $Access.IdentityReference -notlike "domain\Domain Admins" -and $Access.IdentityReference -notlike "CREATOR OWNER" -and $access.IdentityReference -notlike "NT AUTHORITY\SYSTEM") {
$Properties = [ordered]@{'FolderName'=$Folder.FullName;'AD Group'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
$Results += New-Object -TypeName PSObject -Property $Properties
}
}
}
$Results | Export-Csv -path "C:\temp\FileName - $(Get-Date -format MMyy) b.csv" 
# ReportPermissionsOnMailboxes.PS1
# https://github.com/12Knocksinna/Office365itpros/edit/master/ReportPermissionsOnMailboxes.PS1
# Quick and simple script to generate a report of non-standard permissions applied to Exchange Online user and shared mailboxes
# Needs to be connected to Exchange Online PowerShell with an administrative account to run
# V1.0 25-Feb-2020
CLS
Write-Host "Fetching mailboxes"
$Mbx = Get-ExoMailbox -RecipientTypeDetails UserMailbox, SharedMailbox -Properties RecipientTypeDetails -ResultSize Unlimited

If ($Mbx.Count -eq 0) { Write-Error "No mailboxes found. Script exiting..." -ErrorAction Stop } 
# We have some mailboxes, so we can process them...
CLS
$Report = [System.Collections.Generic.List[Object]]::new() # Create output file 
$ProgressDelta = 100/($Mbx.count); $PercentComplete = 0; $MbxNumber = 0
ForEach ($M in $Mbx) {
    $MbxNumber++
    $MbxStatus = $M.DisplayName + " ["+ $MbxNumber +"/" + $Mbx.Count + "]"
    Write-Progress -Activity "Processing mailbox" -Status $MbxStatus -PercentComplete $PercentComplete
    $PercentComplete += $ProgressDelta
    # REST cmdlet equivalent
    # $Permissions = Get-ExoMailboxPermission -Identity $M.UserPrincipalName | ?  {$_.User -Like "*@*" }   
    $Permissions = Get-MailboxPermission -Identity $M.UserPrincipalName | ? {$_.User -Like "*@*" }    
    If ($Null -ne $Permissions) {
       # Grab each permission and output it into the report
       ForEach ($Permission in $Permissions) {
         $ReportLine  = [PSCustomObject] @{
           Mailbox    = $M.DisplayName
           UPN        = $M.UserPrincipalName
           Permission = $Permission | Select -ExpandProperty AccessRights
           AssignedTo = $Permission.User
           MailboxType = $M.RecipientTypeDetails } 
         $Report.Add($ReportLine) }
     } 
}     
$Report | Sort -Property @{Expression = {$_.MailboxType}; Ascending= $False}, Mailbox | Export-CSV c:\temp\MailboxPermissions.csv -NoTypeInformation
Write-Host "All done." $Mbx.Count "mailboxes scanned. Report of non-standard permissions available in c:\temp\MailboxPermissions.csv"

# An example script used to illustrate a concept. More information about the topic can be found in the Office 365 for IT Pros eBook https://gum.co/O365IT/
# and/or a relevant article on https://office365itpros.com or https://www.petri.com. See our post about the Office 365 for IT Pros repository # https://office365itpros.com/office-365-github-repository/ for information about the scripts we write.

# Do not use our scripts in production until you are satisfied that the code meets the need of your organization. Never run any code downloaded from the Internet without
# first validating the code in a non-production environment.e

https://office365itpros.com/2020/03/16/creating-report-exchange-online-mailbox-permissions/

   get-aduser -filter { passwordNeverExpires -eq $true  -and enabled -eq $true } |select Name,UserPrincipalName,samaccountname

And output to CSV

get-aduser -filter { passwordNeverExpires -eq $true  -and enabled -eq $true } |select Name,UserPrincipalName,samaccountname | Export-csv c:\temp\PassExpires3.csv   

Filter by OU

get-aduser -filter { passwordNeverExpires -eq $true  -and enabled -eq $true }  -searchbase "OU=123,DC=domain,DC=Local" | sort | ft Name,UserPrincipalName,samaccountname