FHolden
asked on
Extended Permissions in AD
Does anyone know how to go about searching for users that have the ms-EXCH-EPI-May-Impersonat e right in AD?
Try http://joeware.net/freetools/tools/adfind/index.htm
ASKER
I was thinking more a code solution, I have yet to find anyway using AD Services to find that particular permission.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
> I was thinking more a code solution
Using what language?
I have a PowerShell script that will enumerate extended rights here:
http://www.indented.co.uk/index.php/2009/10/02/get-dsacl/
Chris
ASKER
@PFoeckeler: Thanks this was exactly what I was looking for, should be easy to translate to C#
@Chris-Dent: This is a C# project, powershell is very usefull but not the enviornment that I'm dealing with just now.
@Chris-Dent: This is a C# project, powershell is very usefull but not the enviornment that I'm dealing with just now.
Fair enough. If you have trouble translating do come back, I should be able to show you how to enumerate extended rights in C#.
Chris
If you want to translate the VBScript into a .NET language, the biggest difference will be the LDAP search, it is rather complicated in vbscript (-> ADO Search with ADSDSOObject), but rather easy with C#, C++, VB whatever... (-> System.DirectoryServices, use the DirectorySearcher here).
Philipp
Philipp
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the pointer Chris