This article is about finding delegated permissions (password reset) in Active Directory.
The situation: you "inherit" a new customer and would like to know whether the "predecessor" worked with delegated permissions. For example, a person or group may have been authorized to reset the password for all users in an organizational unit (OU). Honestly, this is difficult to determine.
Not only does Microsoft hide these permissions in Active Directory Users and Computers by default, but there is also no built-in tool that gives an overview of how permissions have been applied in AD. This is where PowerShell comes into play.
I ran the script on a domain controller; the output appears in an Out-GridView window (if there is a match). Please do not forget to adjust the LDAP path in the script.
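
The following is an added example, not the script this article refers to, showing one way to run such a search: it lists the ACEs set directly on each OU that grant the "Reset Password" extended right. It assumes the ActiveDirectory module (RSAT) is available; the search base `DC=example,DC=com` is a placeholder, and the ignore pattern assumes English group names.

```powershell
# Added example, not the article's script. Requires the ActiveDirectory module (RSAT),
# which also provides the AD: drive used by Get-Acl below.
Import-Module ActiveDirectory

# Assumption: placeholder search base. Adjust to your own domain or OU.
$SearchBase = 'DC=example,DC=com'

# rightsGuid of the "Reset Password" extended right (User-Force-Change-Password).
$ResetPassword = [guid]'00299570-246d-11d0-a768-00aa006e0529'
$ExtendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Assumption: English names. Built-in principals that hold the right by design.
$IgnorePattern = '\\(Domain Admins|Enterprise Admins)$|^NT AUTHORITY\\SYSTEM$|^BUILTIN\\'

$findings = foreach ($ou in Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase) {
    $acl = Get-Acl -Path "AD:\$($ou.DistinguishedName)"
    foreach ($ace in $acl.Access) {
        # An Allow ACE grants password reset if it carries ExtendedRight (GenericAll
        # includes it) for this specific right or for all rights (empty GUID).
        $grantsReset = $ace.AccessControlType -eq 'Allow' -and
            $ace.ActiveDirectoryRights.HasFlag($ExtendedRight) -and
            ($ace.ObjectType -eq $ResetPassword -or $ace.ObjectType -eq [guid]::Empty)

        # Report only ACEs set on this OU itself: that is where the delegation was made.
        if ($grantsReset -and -not $ace.IsInherited -and
            $ace.IdentityReference.Value -notmatch $IgnorePattern) {
            [pscustomobject]@{
                OU        = $ou.DistinguishedName
                Trustee   = $ace.IdentityReference.Value
                Rights    = $ace.ActiveDirectoryRights
                Scope     = $ace.InheritanceType
                AppliesTo = $ace.InheritedObjectType   # class GUID the ACE is inherited by
            }
        }
    }
}

if ($findings) {
    $findings | Out-GridView -Title 'Delegated password-reset permissions'
} else {
    Write-Output 'No delegated password-reset permissions found.'
}
```

Trustees that appear here but are not documented as help-desk or admin groups are the ones to review; an `AppliesTo` value of all zeros means the ACE is not limited to one object class.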