juragan

How do I export active directory delegation permissions & rights?

Hi,  I'd like to export the existing security permissions or delegations  within my Active Directory, i.e. who/which "administrator group" has what rights on each OU.  Basically I need to review all the delegations and do changes to make it more secure.

Does anyone know of a script or tool that can easily do this kind of task?
Faiga Diegel

Create link server from your SQL 2005: http://msdn2.microsoft.com/en-us/library/aa772380(VS.85).aspx

From there you can query it.
Brian Pierce
This question has been asked before - I do not know of any tool that is bale to do this.
The recommendation is always to create groups and delegate to the group; that way delegations are much easier to manage and control.
bale = able !

ie

This question has been asked before - I do not know of any tool that is able to do this.
The recommendation is always to create groups and delegate to the group; that way delegations are much easier to manage and control.
juragan

ASKER

hi faiga16,

I have just noticed that my question was also posted in SQL 2005 zone by accident :)
I read the article, and it seems too complicated for me as I have only a little knowledge on SQL.  The query example is only exporting AD attributes of a user object.  Perhaps you can help to construct a query to export the permissions?

What I need is to audit the permissions or delegation on each and every OU. For example, on an OU called "MyOU" I need to find out who has the rights to change the user password, who has the rights to move a user's mailbox, who has the rights to write into specific AD attributes, and so on.
juragan

ASKER

hi KCTS,  I agree with you. The thing is that I have just inherited this new domain, so I need to review/audit the existing permissions delegation and do the necessary changes.
I don't think it's possible - I would love to be proved wrong :-)
You can of course examine the ACLs on the Active Directory - but it's going to be tedious
juragan

ASKER

So I have to manually check the permissions on each and every OU?  :-(

If anyone has another way I would very much like to know myself ;-)
Me too.
ASKER CERTIFIED SOLUTION
responza
This solution is only available to members.
I'm in the same boat - need to audit all the permissions on directories and files. Hope a good answer comes up. I'll be looking at that script closer.
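
Examining the ACL on each OU, as discussed earlier in the thread, can be scripted instead of clicked through by hand. The following is an added example, not part of the original thread and not the members-only solution: it exports every explicit (non-inherited) access control entry on every OU to CSV, resolving schema and extended-right GUIDs so entries such as "Reset Password" are readable. It assumes the ActiveDirectory PowerShell module and read access to the domain; the output path `.\ou-delegations.csv` and the helper name `Resolve-AceGuid` are placeholders chosen for this example.

```powershell
# Added example: audit delegations by exporting explicit ACEs on every OU.
# Assumes the ActiveDirectory module is installed (RSAT) and the caller can
# read the schema, the configuration partition and the OU security descriptors.
Import-Module ActiveDirectory

$rootDse = Get-ADRootDSE

# Build a GUID -> name map. An ACE's ObjectType is a GUID that names either a
# schema class/attribute (schemaIDGUID) or an extended right (rightsGuid).
$guidMap = @{}
$guidMap[[guid]::Empty] = 'All'   # empty GUID means "applies to everything"

Get-ADObject -SearchBase $rootDse.schemaNamingContext `
    -LDAPFilter '(schemaIDGUID=*)' -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $guidMap[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }

Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
    -LDAPFilter '(objectClass=controlAccessRight)' -Properties name, rightsGuid |
    ForEach-Object { $guidMap[[guid]$_.rightsGuid] = $_.name }

# Hypothetical helper: return the friendly name, or the raw GUID if unknown.
function Resolve-AceGuid([guid]$Guid) {
    if ($guidMap.ContainsKey($Guid)) { $guidMap[$Guid] } else { $Guid.ToString() }
}

$report = foreach ($ou in Get-ADOrganizationalUnit -Filter *) {
    # The AD: drive is provided by the ActiveDirectory module.
    $acl = Get-Acl -Path "AD:\$($ou.DistinguishedName)"

    # Inherited ACEs repeat what a parent already grants; delegations made
    # on this OU itself are the explicit ones.
    foreach ($ace in $acl.Access | Where-Object { -not $_.IsInherited }) {
        [pscustomobject]@{
            OU              = $ou.DistinguishedName
            Trustee         = $ace.IdentityReference
            AllowOrDeny     = $ace.AccessControlType
            Rights          = $ace.ActiveDirectoryRights
            ObjectOrRight   = Resolve-AceGuid $ace.ObjectType
            AppliesToClass  = Resolve-AceGuid $ace.InheritedObjectType
            InheritanceType = $ace.InheritanceType
        }
    }
}

$report | Sort-Object OU, Trustee |
    Export-Csv -Path .\ou-delegations.csv -NoTypeInformation
```

In the resulting CSV, filtering `Trustee` for individual user accounts rather than groups surfaces the delegations that are hardest to manage, and rows where `Rights` contains `GenericAll`, `WriteDacl` or `WriteOwner` are the ones to review first.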