Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 202
  • Last Modified:

AD group right

Is there a way I can export list of users and their rights (reset password, add users and so on) to a specific AD group?

Please advise.

Thanks.
0
nav2567
Asked:
nav2567
2 Solutions
 
nav2567Author Commented:
Sorry, not exactly.  

What I need to know is export who have right to do what in that particular group.

Thanks.
0
 
CoralonCommented:
Access Check is your friend here.. http://technet.microsoft.com/en-us/sysinternals/bb664922

Coralon
0
 
MaheshArchitectCommented:
Try Get-Acl PowerShell cmdlet as per below post
http://blogs.technet.com/b/ashleymcglone/archive/2013/03/25/active-directory-ou-permissions-report-free-powershell-script-download.aspx
It will show you what permissions the particular Group has on OUs

Also export your all GPOs in html format
Get-GPOReport -All -Domain contoso.com -Server DC1 -ReportType Html -Path C:\GPOReports\GPOReportsAll.html

Open in new window

Then open above report in IE and find out if particular group has defined permissions in any  GPO

Alternatively you can check 3rd party product such as
http://www.paramountdefenses.com/products/active-directory-audit-tool/capabilities/acl-viewer-and-exporter.html
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now