Solved

Find Active Directory accounts that are not inheriting permissions

Posted on 2016-08-18
Last Modified: 2016-08-20
HI EE

Does anyone have a PowerShell script they can share that will search a list of SamAccountNames and report which ones
are not inheriting permissions? There are a lot of old accounts we are running into that have this option unchecked.
[attached screenshot: perms.png]
Question by:MilesLogan
3 Comments
 
LVL 12

Accepted Solution

by:
Benjamin Voglar earned 500 total points
ID: 41762039
Hi.

I think this is what you're looking for:

# Collect every OU plus the top-level containers, then look in each one for enabled
# users whose ACL has inheritance disabled (nTSecurityDescriptor.AreAccessRulesProtected).
$Containers = @()
$UserStatuses = @()

"Reading OU List ..."
# Only canonicalname is needed beyond the defaults, so ask for that instead of -Properties *
$Containers = Get-ADOrganizationalUnit -Filter * -Properties canonicalname |
    Sort-Object canonicalname | Select-Object distinguishedname, canonicalname

"Reading Container List ..."
# Plain containers (CN=Users, CN=Computers, ...) are not OUs, so they are picked up separately
$Containers += Get-ADObject -SearchBase (Get-ADDomain).distinguishedname -SearchScope OneLevel -LDAPFilter '(objectClass=container)' -Properties canonicalname |
    Sort-Object canonicalname | Select-Object distinguishedname, canonicalname

foreach ($Cntr in $Containers)
{
    "Evaluating - " + $Cntr.distinguishedname + " ..."

    # -SearchScope OneLevel: every container is visited once, so no user is reported twice
    $UserStatuses += Get-ADUser -Filter * -SearchBase $Cntr.distinguishedname -SearchScope OneLevel -Properties nTSecurityDescriptor, displayname |
        Where-Object { ($_.nTSecurityDescriptor.AreAccessRulesProtected -eq $true) -and ($_.enabled -eq $true) } |
        Select-Object @{n='OU';e={$Cntr.distinguishedname}}, displayname, userprincipalname, samAccountName, @{n='Inheritance Broken';e={$_.nTSecurityDescriptor.AreAccessRulesProtected}}
}

$UserStatuses | Export-Csv -Path UsersWithInheritanceBroken.csv -NoTypeInformation



https://www.linkedin.com/pulse/20140706222606-77590110-powershell-script-to-list-ad-users-with-blocked-inheritnace
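As an added example (not Benjamin's script and not from the linked article), here is a variant that takes the list of SamAccountNames the question asked for instead of walking every OU. It only reads AD through Get-ADUser and assumes the RSAT ActiveDirectory module and a names.txt file with one SamAccountName per line. Accounts with adminCount=1 are expected to have inheritance blocked, because the SDProp process stamps the AdminSDHolder ACL on members of protected groups, so the output flags those separately from the stale accounts the question is about.

```powershell
# Added example: report inheritance status for a supplied list of SamAccountNames.
# Read-only against AD; needs the RSAT ActiveDirectory module (assumption).
Import-Module ActiveDirectory

function Get-InheritanceStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$SamAccountName
    )
    process {
        foreach ($name in $SamAccountName) {
            try {
                # -Identity accepts a SamAccountName; request only the attributes used here
                $user = Get-ADUser -Identity $name -Properties nTSecurityDescriptor, adminCount -ErrorAction Stop
            }
            catch {
                # Unknown or mistyped account: report it rather than silently dropping it
                [PSCustomObject]@{ SamAccountName = $name; Found = $false; Enabled = $null
                                   InheritanceBlocked = $null; AdminCount = $null; Note = 'not found' }
                continue
            }
            $blocked = $user.nTSecurityDescriptor.AreAccessRulesProtected
            $admin   = [int]$user.adminCount   # $null becomes 0
            $note = if ($blocked -and $admin -eq 1) { 'expected: AdminSDHolder-protected account' }
                    elseif ($blocked)              { 'review: inheritance blocked but adminCount is not 1' }
                    else                           { '' }
            [PSCustomObject]@{
                SamAccountName     = $user.SamAccountName
                Found              = $true
                Enabled            = $user.Enabled
                InheritanceBlocked = $blocked
                AdminCount         = $admin
                Note               = $note
            }
        }
    }
}

# Usage (names.txt is an assumed input file, one SamAccountName per line)
Get-Content .\names.txt | Get-InheritanceStatus |
    Where-Object { $_.InheritanceBlocked } |
    Export-Csv -Path .\UsersWithInheritanceBroken.csv -NoTypeInformation
```

Drop the Where-Object stage to keep the rows for accounts that were not found, which is useful when the input list itself is stale.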
 
LVL 2

Author Comment

by:MilesLogan
ID: 41763239
Thank you Benjamin, that was exactly what I was looking for.
 
LVL 7

Expert Comment

by:Senior IT System Engineer
ID: 41763419
Hi Ben,

From which domain controller can I run that script for the best results?

Does the script only read AD? Nothing dangerous?
