Reporting Per ACE Per User Permission on AD Objects


I have a requirement where I have to find out, for a few user accounts, what permissions they have on/in the AD forest-domain.

I intend to run a check that touches the ntSecurityDescriptor attribute on every object in the domain, and if the username exists in the ACEs on the object, only those should be printed on the screen or exported to Excel for even better sorting when checking permissions for multiple users.

I need your help on this. I want the data so that 1 row shows the object DN (for which the ACE is interpreted), what kind of right/property/permission it is, whether it is inherited, and whether it is an explicit or implicit entry. I mean, after generating this output there should be no need to look at any other report using any other tool.

1 Reply

Yes, I am now trying the AdAclScanner PowerShell script at this point. This tool has both GUI and command-line options.

.\ADACLSCAN.ps1 -Base "DC=XX,DC=com" -Filter "(&(objectclass=* or AdminCount=1 or whatever))" -Scope subtree -EffectiveRightsPrincipal ALICE  -Output HTML -Show
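
One way to produce the one-row-per-ACE report the question asks for, as an added example that is not part of the thread and is not AdAclScanner's code. It assumes the RSAT ActiveDirectory module and an account that can read security descriptors; `alice` and the CSV path are placeholders, and the trustee match covers the user's own SID plus the transitive security groups listed in tokenGroups.

```powershell
# Added example, not from the thread. 'alice' and the output path are placeholders.
param(
    [string]$SamAccountName = 'alice',
    [string]$OutFile = '.\ace-report.csv'
)
Import-Module ActiveDirectory

$root = Get-ADRootDSE
$user = Get-ADUser -Identity $SamAccountName

# SIDs to look for: the user plus every security group it is transitively a member of.
# tokenGroups is a constructed attribute, returned only by a base-scope search.
$tg   = Get-ADObject -SearchBase $user.DistinguishedName -SearchScope Base -Filter * -Properties tokenGroups
$sids = @($user.SID.Value) + @($tg.tokenGroups | ForEach-Object { $_.Value })

# GUID -> name map so ObjectType is readable (schema classes/attributes, extended rights).
$guidMap = @{}
$guidMap[[guid]::Empty] = 'All'
Get-ADObject -SearchBase $root.schemaNamingContext -LDAPFilter '(schemaIDGUID=*)' `
    -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $guidMap[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }
Get-ADObject -SearchBase "CN=Extended-Rights,$($root.configurationNamingContext)" `
    -LDAPFilter '(rightsGuid=*)' -Properties displayName, rightsGuid |
    ForEach-Object { $guidMap[[guid]$_.rightsGuid] = $_.displayName }

# Fall back to the raw GUID when it is not in the map.
function Resolve-AceGuid([guid]$g) { if ($guidMap.ContainsKey($g)) { $guidMap[$g] } else { $g } }

# Walk every object in the domain; keep only ACEs whose trustee is one of those SIDs.
Get-ADObject -Filter * -SearchBase $root.defaultNamingContext -Properties nTSecurityDescriptor |
    ForEach-Object {
        $dn = $_.DistinguishedName
        if (-not $_.nTSecurityDescriptor) { return }   # DACL not readable by this account
        $_.nTSecurityDescriptor.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
            Where-Object { $sids -contains $_.IdentityReference.Value } |
            ForEach-Object {
                [pscustomobject]@{
                    ObjectDN            = $dn
                    Trustee             = $_.IdentityReference.Value
                    AccessType          = $_.AccessControlType       # Allow / Deny
                    Rights              = $_.ActiveDirectoryRights
                    ObjectType          = Resolve-AceGuid $_.ObjectType
                    InheritedObjectType = Resolve-AceGuid $_.InheritedObjectType
                    IsInherited         = $_.IsInherited             # False = explicit ACE
                    AppliesTo           = $_.InheritanceType
                }
            }
    } | Export-Csv -Path $OutFile -NoTypeInformation
```

The CSV lists the ACEs that name the user or one of its groups; it does not compute effective rights, so Deny entries and ACEs for well-known principals such as Authenticated Users still have to be weighed when reading it.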
