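# Walks a directory tree and logs every folder that carries an ACE flagged as
# inherited for an identity that has no ACE at all on the parent folder.
# NOTE(review): the log directory name suggests this is used to find folders
# whose ACLs went stale after a move - confirm against the intended use.
#
# Usage:      <script> -p <root directory>
# Output:     appended to d:\LOG_MOVES\Log_<yyyyMMdd-HHmm>_<first char of root>.log,
#             bracketed by a start and an end timestamp.
# Exit codes: 0 = scan finished, 2 = no usable root directory was given.
# Requires:   Get-Acl -LiteralPath, i.e. PowerShell 3.0 or later.

function EnumFolders($tld) {
    <#
    .SYNOPSIS
    Compares the inherited ACEs of each direct subfolder of $tld with the ACEs
    of $tld itself, then recurses into every subfolder.

    .DESCRIPTION
    An inherited ACE on a subfolder is reported when no ACE on $tld names the
    same identity. Only the identity is compared: an inherited ACE whose
    identity also appears on the parent with different rights is not reported.

    Reads the script-level variable $Filename (the log file) and appends to it.
    Folders whose ACL or listing cannot be read are written to the same log, so
    that gaps in the audit are visible instead of being silently skipped.

    .PARAMETER tld
    Directory object (as returned by Get-Item / Get-ChildItem) to start from.
    #>

    # ShortPath is the folder's 8.3 path as reported by the FileSystemObject.
    # NOTE(review): presumably used to keep paths short enough for Get-Acl - confirm.
    $a = New-Object -ComObject Scripting.FileSystemObject

    # Reset locally first: PowerShell resolves unset variables in the caller's
    # scope, so after a failed read the grandparent's rules would otherwise be
    # compared against this folder's children.
    $ParentAccessRules = $null
    try {
        # -LiteralPath: folder names containing [ ] or * must not be treated as wildcards.
        $parentacl = get-acl -LiteralPath $a.GetFolder($tld.fullname).ShortPath -ErrorAction Stop
        # Explicit and inherited rules, as NTAccount (not SIDs).
        $ParentAccessRules = $parentacl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
    }
    catch {
        $ParentAccessRules = $null
        write-output ("Could not read the ACL of '" + $tld.fullname + "', its subfolders cannot be compared: " + $_.Exception.Message) | out-file $Filename -append
    }

    $listErrors = $null
    $objects = $null
    $objects = get-childitem -LiteralPath $tld.fullname -ErrorAction SilentlyContinue -ErrorVariable listErrors | where{$_.PSIsContainer}
    if ($listErrors) {
        foreach ($listError in $listErrors) {
            write-output ("Could not list '" + $tld.fullname + "': " + $listError.Exception.Message) | out-file $Filename -append
        }
    }

    # $null on the left keeps this a scalar test even when $objects is an array.
    if ($null -ne $objects) {
        foreach ($object in $objects) {
            if ($object -is [System.IO.DirectoryInfo]) {
                if ($null -ne $ParentAccessRules) {
                    # A failed read must not leave the previous folder's rules
                    # in $accessRules and attribute them to this folder.
                    $aclRead = $false
                    $accessRules = $null
                    try {
                        $FullName = $a.GetFolder($object.fullname).ShortPath
                        $acl = get-acl -LiteralPath $FullName -ErrorAction Stop
                        # Inherited rules only, as NTAccount (not SIDs).
                        $accessRules = $acl.GetAccessRules($false, $true, [System.Security.Principal.NTAccount])
                        $aclRead = $true
                    }
                    catch {
                        write-output ("Could not read the ACL of '" + $object.fullname + "', folder skipped: " + $_.Exception.Message) | out-file $Filename -append
                    }

                    if ($aclRead) {
                        foreach ($accessRule in $accessRules) {
                            $InheritedFromParent = $false
                            foreach ($parentAccessRule in $ParentAccessRules) {
                                if ($accessRule.IdentityReference -eq $parentAccessRule.IdentityReference) {
                                    $InheritedFromParent = $true
                                    break   # one match is enough
                                }
                            }
                            if (!$InheritedFromParent) {
                                $fullpath=$a.GetFolder($object.fullname).path
                                $identity = $AccessRule.IdentityReference.ToString()
                                write-output ("The ACE for '$identity' on '$fullpath' is broken") | out-file $Filename -append
                            }
                        }
                    }
                }

                # NOTE(review): junctions and directory symlinks are followed like
                # ordinary folders; confirm the scanned trees contain no link that
                # points back up the tree.
                EnumFolders $object
            }
        }
    }
}

# --- Argument handling: exactly two arguments are expected, "-p <root>". ---
$root = ""
if ($args.count -eq 2) {
    for ($i = 0; $i -le $args.count-1; $i+=2) {
        if ($args[$i].ToLower().Contains("-p")) {
            $root = $args[$i+1]
        }
    }
}

# Validate before touching the log, so a bad invocation neither creates a log
# file nor ends with exit code 0 as if a scan had taken place.
if ($root -eq "") {
    write-host "Please specify a root directory to begin the search" -foregroundcolor "magenta"
    exit 2
}
if (!(Test-Path -LiteralPath $root -PathType Container)) {
    write-host "The root directory '$root' does not exist or is not a directory" -foregroundcolor "magenta"
    exit 2
}

# The first character of the root (the drive letter for a path such as D:\share)
# becomes part of the log file name.
$lettera=$root[0]
$filename = "d:\LOG_MOVES\Log_{0:yyyyMMdd-HHmm}_$lettera.log" -f (Get-Date)

# Start timestamp.
$dataadesso = get-date
write-output $dataadesso | out-file $filename -append

Enumfolders (Get-Item -LiteralPath $root)

# End timestamp.
$dataadesso = get-date
write-output $dataadesso | out-file $filename -append
exit 0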