?
Solved

AD access audit

Posted on 2012-04-02
9
Medium Priority
?
371 Views
Last Modified: 2012-04-03
Is there any easy way or even any way (easy or not) to specify either a user or group as a parameter and see what resources (ACL) they have access to on a given server/domain? It sounds like something someone must have designed a tool or script for but I cant seem to find anything.
0
Comment
Question by:pma111
  • 4
  • 3
  • 2
9 Comments
 
LVL 35

Accepted Solution

by:
Joseph Daly earned 1000 total points
ID: 37796618
You will want to use DSrevoke for this.

http://www.microsoft.com/download/en/details.aspx?id=19288 

The command will be similar to below.

dsrevoke /report /domain:domainname domainname\username or group.
0
 
LVL 3

Author Comment

by:pma111
ID: 37796620
I think I may have got my request wording wrong, Im on about access to files on file shares/directories.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 1000 total points
ID: 37796722
There are actually a fair amount of good free tools that can help you figure out what permissions are there

NTFS permissions reporter is the new guy in town

http://www.cjwdev.co.uk/Software/NtfsReports/Info.html

Haven't used that tool a lot yet but I've used his adtools and those are good so I'm guessing this one is just as good.   You get a lot for a free tool

http://www.systemtools.com/somarsoft/?somarsoft.com
dumpsec is an oldie but goodie, dumps reports into excel for you, another free tool, used this a lot

 http://www.solarwinds.com/products/freetools/permissions_analyzer_for_active_directory/

solar winds is ok, another free tool, I wish it didn't have the name Active Directory because it goes through NTFS not AD permissions.

What you are doing is the right thing, look what is there now and then carefully plan the restructuring.

You won't be a junior admin for long :)

Thanks

Mike
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 
LVL 35

Expert Comment

by:Joseph Daly
ID: 37796906
Id second dumpsec for the security permissions as well. Enumerating permissions, especially on larger shares, can be a painful process. So far dumpsec has been the best solution I have found for it. Good luck.
0
 
LVL 3

Author Comment

by:pma111
ID: 37797475
Thanks both, is the best we are going to get be one where username/share is specified as a parameter - as opposed to "for all our servers here is who can access what" in a form of monster report?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37797744
There are some filter options in NTFS Reports that can help but not to search across all file servers like that.

Thanks

Mike
0
 
LVL 3

Author Comment

by:pma111
ID: 37797751
Ok mike - can you clarify what the filters can offer?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37797758
There are 11 filters, can't type them all out right now but you can download it and check them out.  Note to use all the filters you do need the full version

Thanks


Mike
0
 
LVL 3

Author Comment

by:pma111
ID: 37799791
Will split points, your input into this thread always welcome:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_27659927.html
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question