MS tool to capture AD account domain privs?

%3CLINGO-SUB%20id%3D%22lingo-sub-917563%22%20slang%3D%22en-US%22%3EMS%20tool%20to%20capture%20AD%20account%20domain%20privs%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-917563%22%20slang%3D%22en-US%22%3E%3CP%3EDoes%20MS%20make%20a%20utility%2Ftool%20that%20can%20capture%20a%20domain%20account's%20access%3F%20In%20other%20words%20we%20have%20a%20programmer%20that%20is%20creating%20a%20PS%20script%20that%20will%20go%20out%20and%20capture%20information%20on%20user%20accounts%20and%20report.%20While%20we%20know%20domain%20admin%20privs%20will%20allow%20a%20%22service%22%20account%20to%20perform%20this%20task%20I%20was%20wondering%20if%20there%20was%20a%20tool%20of%20sorts%20that%20could%20show%20us%20exactly%20what%20permissions%20were%20needed%20so%20we%20could%20scale%20back%20access%20but%20at%20the%20same%20time%20not%20prevent%20the%20script%20from%20being%20successful.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIdeas%20are%20appreciated.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-917563%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EActive%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPowerShell%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Occasional Visitor

Does MS make a utility/tool that can capture a domain account's access? In other words we have a programmer that is creating a PS script that will go out and capture information on user accounts and report. While we know domain admin privs will allow a "service" account to perform this task I was wondering if there was a tool of sorts that could show us exactly what permissions were needed so we could scale back access but at the same time not prevent the script from being successful. 

 

Ideas are appreciated. 

1 Reply
Highlighted