Script AD Group memberships and access rights

Hi there,

I need to find a way of listing all the members of my Windows 2000 active directory groups and then to scan our file, print and application servers to find out where each group has access. would anybody know of such a script or scripts? All help greatly appreciated.

Thanks
Invirl
invirlAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

star_trekCommented:
Microsoft script repository to find the group memberships
http://www.microsoft.com/technet/technetmag/issues/2006/03/ScriptingGuy/default.aspx
0
invirlAuthor Commented:
thanks but that only partially (maybe 20%) answers my question. What I'm really trying to achieve here is to find out who has access where without having to manually check the file permissions on each my my shared folders. Perhaps there's an application that I'm not aware of which can do this for me?
0
star_trekCommented:
Yes you can view the ACLs on a the shared folders. You can do in two ways. Use CACLS.EXE or register AdsSecurity.dll and use it in vbscripts or jscripts

For CACLS.EXE
http://www.ss64.com/nt/cacls.html

For Security Descriptor:

Look at the following technet links where you can see different commands with example code to view and modify ACLs
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/iadssecurityutility.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/iadssecurityutility_getsecuritydescriptor.asp
To analyze the access: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/access_mask.asp


So to answer your whole question you need to write a script that reads the group memberships of a user and also find the permissions on a shared folder using above VBScript commands.

But I don't think there is anyother tool that would read both the group memberships and also the ACLs
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.