Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

AD group right

Posted on 2014-11-07
5
Medium Priority
?
197 Views
Last Modified: 2014-11-24
Is there a way I can export list of users and their rights (reset password, add users and so on) to a specific AD group?

Please advise.

Thanks.
0
Comment
Question by:nav2567
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 13

Expert Comment

by:Rizzle
ID: 40429597
0
 

Author Comment

by:nav2567
ID: 40429614
Sorry, not exactly.  

What I need to know is export who have right to do what in that particular group.

Thanks.
0
 
LVL 25

Assisted Solution

by:Coralon
Coralon earned 800 total points
ID: 40431965
Access Check is your friend here.. http://technet.microsoft.com/en-us/sysinternals/bb664922

Coralon
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 1200 total points
ID: 40431994
Try Get-Acl PowerShell cmdlet as per below post
http://blogs.technet.com/b/ashleymcglone/archive/2013/03/25/active-directory-ou-permissions-report-free-powershell-script-download.aspx
It will show you what permissions the particular Group has on OUs

Also export your all GPOs in html format
Get-GPOReport -All -Domain contoso.com -Server DC1 -ReportType Html -Path C:\GPOReports\GPOReportsAll.html

Open in new window

Then open above report in IE and find out if particular group has defined permissions in any  GPO

Alternatively you can check 3rd party product such as
http://www.paramountdefenses.com/products/active-directory-audit-tool/capabilities/acl-viewer-and-exporter.html
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question