Solved

AD group right

Posted on 2014-11-07
5
185 Views
Last Modified: 2014-11-24
Is there a way I can export list of users and their rights (reset password, add users and so on) to a specific AD group?

Please advise.

Thanks.
0
Comment
Question by:nav2567
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 13

Expert Comment

by:Rizzle
ID: 40429597
0
 

Author Comment

by:nav2567
ID: 40429614
Sorry, not exactly.  

What I need to know is export who have right to do what in that particular group.

Thanks.
0
 
LVL 25

Assisted Solution

by:Coralon
Coralon earned 200 total points
ID: 40431965
Access Check is your friend here.. http://technet.microsoft.com/en-us/sysinternals/bb664922

Coralon
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 300 total points
ID: 40431994
Try Get-Acl PowerShell cmdlet as per below post
http://blogs.technet.com/b/ashleymcglone/archive/2013/03/25/active-directory-ou-permissions-report-free-powershell-script-download.aspx
It will show you what permissions the particular Group has on OUs

Also export your all GPOs in html format
Get-GPOReport -All -Domain contoso.com -Server DC1 -ReportType Html -Path C:\GPOReports\GPOReportsAll.html

Open in new window

Then open above report in IE and find out if particular group has defined permissions in any  GPO

Alternatively you can check 3rd party product such as
http://www.paramountdefenses.com/products/active-directory-audit-tool/capabilities/acl-viewer-and-exporter.html
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With User Account Control (UAC) enabled in Windows 7, one needs to open an elevated Command Prompt in order to run scripts under administrative privileges. Although the elevated Command Prompt accomplishes the task, the question How to run as script…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question