Can I query Windows 2003 AD Server to get all users and what permissons they have?

Posted on 2010-09-17
Last Modified: 2012-05-10
Can someone assist me in querying my server for all users and what permissions they have?

Question by:rbonds
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

by:Michael Knight
ID: 33702271
CSVDE will export a spreadsheet with more info than you'd like to know about your AD: 

Expert Comment

ID: 33702338
Absolutly CSVDE is the best way.
LVL 12

Accepted Solution

FDiskWizard earned 500 total points
ID: 33702399
This is a multiple problem. Users can be in groups, that in turn have access to NTFS folder, and other AD objects. So, it is hard to see EVERYTHING they have access to.
You would have to have a dump of folder permissions, and compare.. if you want to know what files they have access to.
From the AD side, is possible to dump access list info. I can't recall exact methods I've used.

Check out this tool (DumpSec):

Expert Comment

by:Michael Knight
ID: 33702607
Yes, DumpACL/DumpSec should give you registry level and file level Access Lists.

Author Closing Comment

ID: 33702905
Great utility! Thanks for the insight.

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Promote Server 2012 R2 on Server 2003 domain 13 77
Making an existing Domain a Child of another Domain 4 33
Setting up two DCs 4 47
Run powershell against OU 7 79
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question