Get permissions of an AD group

Hi Experts.

Need some help with getting permissions of an AD group. I've created a one liner but its not giving me what im looking for, (actually its not pushing out any output at all)

I've been tasked to list the permissions and rights of our Tech team in our Domain and the one liner i have is this

(Get-Acl (Get-ADGroup -Filter `name -eq "TechSupport-EMEA"`).distinguishedname).access | ft identityreference, accessControlType -AutoSize

when run it looks as though its either running or waiting for additional input with the >> on the next line

Is there a better way of getting these permissions for a ADGroup or does the above need some tweaking?

Thanks
damejenAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Zephyr ICTCloud ArchitectCommented:
This one works for me:

Get-Acl -Path "AD:\CN=group-name\#U,OU=some_ou,OU=some_other_ou,DC=domain,DC=local" | Select-Object -ExpandProperty access

Open in new window


I see in your oneliner you have these ` I think they should be replaced with '
0
Manjunath SulladTechnical ConsultantCommented:
You can download Powershell script from below path to collect the required details.

Active Directory OU Permissions Report

http://blogs.technet.com/b/ashleymcglone/archive/2013/03/25/active-directory-ou-permissions-report-free-powershell-script-download.aspx
0
Dan McFaddenSystems EngineerCommented:
First: as spravtek mentioned, you have the incorrect single quote in your command line.

Also when you run the command are you on the "AD" drive?  your command prompt should look like:  PS AD:\>

I was able to run your command successfully like so:

1. open a command prompt as a user with the necessary permissions to access AD
2. run:  import-module activedirectory
3. run:  cd ad:; (Get-Acl(Get-ADGroup -Filter 'name -eq "#SomeAdGroupName#"').DistinguishedName).access | ft identityreference, accessControlType -AutoSize

You could combine the above 2 commands on a single line like so:

Import-Module ActiveDirectory; cd ad:; (Get-Acl(Get-ADGroup -Filter 'name -eq "AG Change.Sec"').DistinguishedName).access | ft identityreference, accessControlType -AutoSize

You can chain multiple single commands with a semi-colon between each command.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.