Get permissions of an AD group

Posted on 2014-08-19
Medium Priority
Last Modified: 2014-08-19
Hi Experts.

Need some help with getting permissions of an AD group. I've created a one-liner but it's not giving me what I'm looking for (actually it's not pushing out any output at all).

I've been tasked to list the permissions and rights of our Tech team in our Domain, and the one-liner I have is this:

(Get-Acl (Get-ADGroup -Filter `name -eq "TechSupport-EMEA"`).distinguishedname).access | ft identityreference, accessControlType -AutoSize

When run, it looks as though it's either running or waiting for additional input, with the >> on the next line.

Is there a better way of getting these permissions for an ADGroup, or does the above need some tweaking?

Question by:damejen

Expert Comment

by:Zephyr ICT
ID: 40269904
This one works for me:

Get-Acl -Path "AD:\CN=group-name\#U,OU=some_ou,OU=some_other_ou,DC=domain,DC=local" | Select-Object -ExpandProperty access


I see in your one-liner you have these ` characters; I think they should be replaced with '

Expert Comment

by:Manjunath Sullad
ID: 40269935
You can download a PowerShell script from the path below to collect the required details.

Active Directory OU Permissions Report


Accepted Solution

Dan McFadden earned 2000 total points
ID: 40270021
First: as spravtek mentioned, you have the incorrect single quote in your command line.

Also, when you run the command, are you on the "AD" drive? Your command prompt should look like:  PS AD:\>

I was able to run your command successfully like so:

1. open a command prompt as a user with the necessary permissions to access AD
2. run:  import-module activedirectory
3. run:  cd ad:; (Get-Acl(Get-ADGroup -Filter 'name -eq "#SomeAdGroupName#"').DistinguishedName).access | ft identityreference, accessControlType -AutoSize

You could combine the above 2 commands on a single line like so:

Import-Module ActiveDirectory; cd ad:; (Get-Acl(Get-ADGroup -Filter 'name -eq "AG Change.Sec"').DistinguishedName).access | ft identityreference, accessControlType -AutoSize

You can chain multiple single commands with a semi-colon between each command.
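
The steps from the accepted answer wrapped as a reusable function. This is an added example, not code from any poster in the thread; the function name Get-AdGroupAcl and the chosen output columns are assumptions. It addresses the object through an AD:\ provider path, so it does not depend on the current location, and it returns the ACL set on the group object itself, that is, who holds rights over the group.

```powershell
# Added example: Get-AdGroupAcl is a hypothetical helper name, not part of the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-AdGroupAcl {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Name
    )

    # Single quotes around the filter: the AD module resolves $Name itself,
    # so no backticks or nested quoting are needed.
    $groups = @(Get-ADGroup -Filter 'Name -eq $Name')
    if ($groups.Count -ne 1) {
        throw "Expected exactly one group named '$Name', found $($groups.Count)."
    }

    # Full provider path, so this works from any prompt (no 'cd ad:' required).
    $acl = Get-Acl -Path ('AD:\' + $groups[0].DistinguishedName)

    # One row per access control entry, with the fields needed to review it.
    $acl.Access | Select-Object IdentityReference, AccessControlType,
        ActiveDirectoryRights, IsInherited, ObjectType
}

# All entries on the group from the question.
Get-AdGroupAcl -Name 'TechSupport-EMEA' |
    Sort-Object IdentityReference |
    Format-Table -AutoSize

# Only 'Allow' entries that permit changing the group or its security descriptor.
Get-AdGroupAcl -Name 'TechSupport-EMEA' |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        "$($_.ActiveDirectoryRights)" -match 'GenericAll|GenericWrite|WriteProperty|WriteDacl|WriteOwner'
    } |
    Format-Table IdentityReference, ActiveDirectoryRights, IsInherited -AutoSize
```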
