?
Solved

Can I query Windows 2003 AD Server to get all users and what permissons they have?

Posted on 2010-09-17
5
Medium Priority
?
402 Views
Last Modified: 2012-05-10
Can someone assist me in querying my server for all users and what permissions they have?

Thanks
0
Comment
Question by:rbonds
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 9

Expert Comment

by:Michael Knight
ID: 33702271
CSVDE will export a spreadsheet with more info than you'd like to know about your AD:
http://www.computerperformance.co.uk/Logon/Logon_CSVDE_Export.htm 
0
 
LVL 3

Expert Comment

by:latchways
ID: 33702338
Absolutly CSVDE is the best way.
0
 
LVL 12

Accepted Solution

by:
FDiskWizard earned 2000 total points
ID: 33702399
This is a multiple problem. Users can be in groups, that in turn have access to NTFS folder, and other AD objects. So, it is hard to see EVERYTHING they have access to.
You would have to have a dump of folder permissions, and compare.. if you want to know what files they have access to.
From the AD side, is possible to dump access list info. I can't recall exact methods I've used.

Check out this tool (DumpSec):
http://www.systemtools.com/somarsoft/?somarsoft.com
0
 
LVL 9

Expert Comment

by:Michael Knight
ID: 33702607
Yes, DumpACL/DumpSec should give you registry level and file level Access Lists.
0
 

Author Closing Comment

by:rbonds
ID: 33702905
Great utility! Thanks for the insight.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question