• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1174
  • Last Modified:

search syntax with Get-ADUser

I need a help with the search syntax by using Get-ADUser.

I need the output result of Admin1 showing permissions of object A, object B or object C anywhere in the AD tree..

I know Liza GUI app can this for me but I am trying write something in cli.
0
alisafia
Asked:
alisafia
2 Solutions
 
Krzysztof PytkoActive Directory EngineerCommented:
Get-ADUser would not be so helpful in this case. I would recommend using dsacls command on a Domain Controller. This will display all permissions for specified object in a query.

You may check on that blog some examples of command usage
http://social.technet.microsoft.com/wiki/contents/articles/6477.how-to-view-or-delete-active-directory-delegated-permissions-en-us.aspx

or using PowerShell Get-ACL and Set-ACL cmd-lets
http://blogs.technet.com/b/heyscriptingguy/archive/2012/03/12/use-powershell-to-explore-active-directory-security.aspx

Regards,
Krzysztof
0
 
SubsunCommented:
You can also try with Get-QADPermission from Quest AD cmdlets..
For example..
Get-QADUser username -SecurityMask Dacl | Get-QADPermission -SchemaDefault -Inherited | Where-Object {$_.AccountName -eq "domain\Admin"}

Open in new window

0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now