Solved

AD group right

Posted on 2014-11-07
5
173 Views
Last Modified: 2014-11-24
Is there a way I can export list of users and their rights (reset password, add users and so on) to a specific AD group?

Please advise.

Thanks.
0
Comment
Question by:nav2567
5 Comments
 
LVL 13

Expert Comment

by:Rizzle
Comment Utility
0
 

Author Comment

by:nav2567
Comment Utility
Sorry, not exactly.  

What I need to know is export who have right to do what in that particular group.

Thanks.
0
 
LVL 23

Assisted Solution

by:Coralon
Coralon earned 200 total points
Comment Utility
Access Check is your friend here.. http://technet.microsoft.com/en-us/sysinternals/bb664922

Coralon
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 300 total points
Comment Utility
Try Get-Acl PowerShell cmdlet as per below post
http://blogs.technet.com/b/ashleymcglone/archive/2013/03/25/active-directory-ou-permissions-report-free-powershell-script-download.aspx
It will show you what permissions the particular Group has on OUs

Also export your all GPOs in html format
Get-GPOReport -All -Domain contoso.com -Server DC1 -ReportType Html -Path C:\GPOReports\GPOReportsAll.html

Open in new window

Then open above report in IE and find out if particular group has defined permissions in any  GPO

Alternatively you can check 3rd party product such as
http://www.paramountdefenses.com/products/active-directory-audit-tool/capabilities/acl-viewer-and-exporter.html
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Microsoft Windows Server Update Service (WSUS) is free for everyone, but it lacks of some desirable features like send an e-mail to the administrator with the status of all computers on the WSUS server. This article is based on my PowerShell script …
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now