Forum Discussion

Himanshu Singh's avatar
Himanshu Singh
Iron Contributor
Apr 18, 2018
Solved

Reporting Per ACE Per User Permission on AD Objects

I have a requirement where i have to find out for few user accounts what all permissions do they have on/in the AD forest-domain, I intend run a check that touches ntsecuritydescriptor attribute on ...
AD DACL Permission Reporting
  • Himanshu Singh's avatar
    Himanshu Singh
    Apr 19, 2018

    Yes i am now trying AdAclScanner powershell script at this point this tool has both GUI and commandline options

    .\ADACLSCAN.ps1 -Base "DC=XX,DC=com" -Filter "(&(objectclass=* or AdminCount=1 or whatever))" -Scope subtree -EffectiveRightsPrincipal ALICE  -Output HTML -Show

Himanshu Singh's avatar
Himanshu Singh
Iron Contributor
Apr 19, 2018

Yes i am now trying AdAclScanner powershell script at this point this tool has both GUI and commandline options

.\ADACLSCAN.ps1 -Base "DC=XX,DC=com" -Filter "(&(objectclass=* or AdminCount=1 or whatever))" -Scope subtree -EffectiveRightsPrincipal ALICE  -Output HTML -Show

Resources