Get Effective Permissions
Keywords: Get Effective Permissions dsAclGetAces dsGetSecProp ADSI Active Directory ACE DACL OU Group
Question:
I need a script to run that will return the Effective Permissions the user has to an AD object, like an Organization Unit or a group. The script will run as the user and give back the permissions they are allowed on the specified object.
Answer:
Sorry the ADSI Extender doesn't have a built in function to list all the effective permissions. Not as easy as it may sound. You can figure out effective permission using the ADSI extender but the script would not be simple
and you would need a good understanding of how permissions are applied by the system. See dsGetSecProp and dsAclGetAces. A canned tool is the better choice in this case.
Looks like Sysinternals offers a free tool that can be executed from your WinBatch script: http://technet.microsoft.com/en-us/sysinternals/bb664922
Article ID: W17529
Filename: Get Effective Permissions.txt
File Created: 2012:10:26:12:37:44
Last Updated: 2012:10:26:12:37:44