Get permissions of an AD group

Posted on 2014-08-19
Last Modified: 2014-08-19
Hi Experts.

Need some help with getting permissions of an AD group. I've created a one liner but its not giving me what im looking for, (actually its not pushing out any output at all)

I've been tasked to list the permissions and rights of our Tech team in our Domain and the one liner i have is this

(Get-Acl (Get-ADGroup -Filter `name -eq "TechSupport-EMEA"`).distinguishedname).access | ft identityreference, accessControlType -AutoSize

when run it looks as though its either running or waiting for additional input with the >> on the next line

Is there a better way of getting these permissions for a ADGroup or does the above need some tweaking?

Question by:damejen
    LVL 25

    Expert Comment

    by:Zephyr ICT
    This one works for me:

    Get-Acl -Path "AD:\CN=group-name\#U,OU=some_ou,OU=some_other_ou,DC=domain,DC=local" | Select-Object -ExpandProperty access

    Open in new window

    I see in your oneliner you have these ` I think they should be replaced with '
    LVL 11

    Expert Comment

    by:Manjunath Sullad
    You can download Powershell script from below path to collect the required details.

    Active Directory OU Permissions Report
    LVL 25

    Accepted Solution

    First: as spravtek mentioned, you have the incorrect single quote in your command line.

    Also when you run the command are you on the "AD" drive?  your command prompt should look like:  PS AD:\>

    I was able to run your command successfully like so:

    1. open a command prompt as a user with the necessary permissions to access AD
    2. run:  import-module activedirectory
    3. run:  cd ad:; (Get-Acl(Get-ADGroup -Filter 'name -eq "#SomeAdGroupName#"').DistinguishedName).access | ft identityreference, accessControlType -AutoSize

    You could combine the above 2 commands on a single line like so:

    Import-Module ActiveDirectory; cd ad:; (Get-Acl(Get-ADGroup -Filter 'name -eq "AG Change.Sec"').DistinguishedName).access | ft identityreference, accessControlType -AutoSize

    You can chain multiple single commands with a semi-colon between each command.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Microsoft Windows Server Update Service (WSUS) is free for everyone, but it lacks of some desirable features like send an e-mail to the administrator with the status of all computers on the WSUS server. This article is based on my PowerShell script …
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now