Solved

Can I query Windows 2003 AD Server to get all users and what permissons they have?

Posted on 2010-09-17
5
397 Views
Last Modified: 2012-05-10
Can someone assist me in querying my server for all users and what permissions they have?

Thanks
0
Comment
Question by:rbonds
5 Comments
 
LVL 9

Expert Comment

by:Michael Knight
ID: 33702271
CSVDE will export a spreadsheet with more info than you'd like to know about your AD:
http://www.computerperformance.co.uk/Logon/Logon_CSVDE_Export.htm 
0
 
LVL 3

Expert Comment

by:latchways
ID: 33702338
Absolutly CSVDE is the best way.
0
 
LVL 12

Accepted Solution

by:
FDiskWizard earned 500 total points
ID: 33702399
This is a multiple problem. Users can be in groups, that in turn have access to NTFS folder, and other AD objects. So, it is hard to see EVERYTHING they have access to.
You would have to have a dump of folder permissions, and compare.. if you want to know what files they have access to.
From the AD side, is possible to dump access list info. I can't recall exact methods I've used.

Check out this tool (DumpSec):
http://www.systemtools.com/somarsoft/?somarsoft.com
0
 
LVL 9

Expert Comment

by:Michael Knight
ID: 33702607
Yes, DumpACL/DumpSec should give you registry level and file level Access Lists.
0
 

Author Closing Comment

by:rbonds
ID: 33702905
Great utility! Thanks for the insight.
0

Featured Post

Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question