Is there a "tool" available that will reverse engineer the effective permissions for a user for a particular AD object?
Using AD Management object it is simple to access the effective permissions for a particular user on a particular object. Is there a tool that will reverse the effective permissions and detail how the permission is assigned, ie via which group membership and at which level of the OU structure?
Using the AD Management Snap In is not an option as the number of group memberships combined with group nesting and OU structure make too many options to check. Coding a solution is not desireable.