Hello I'm searching for a way to list the permissions and extended permissions on my active directory root.
I've tried with the get-acl command and some others, but I’m not able to get it. Is it the correct way?
List extended permissions on AD
Hello @RubenVazquez-7903,
Have you tried the script I provided?
Would you please tell me how things are going on your side. If you have any questions or concerns about the information I provided, please don't hesitate to let us know.
Again thanks for your time and have a nice day!
Best Regards,
Daisy Zhou
Hello @RubenVazquez-7903,
I'm just following up to make sure you received my last reply and that my answers properly address your questions. If you have any further questions or concerns about this case, please let me know.
Have a nice day!
Best Regards,
Daisy Zhou
Hello RubenVazquez-7903,
Thank you for posting here.
We can try the PowerShell script in attachment export-permissions.txt, and it works in my lab.
1.Open PowerShell ISE (run as administrator) and copy the PS script in it.
2.We should change the domain name and export path in your AD environment.
3.And click run button.
4.Open the export file and check the permissions.
Hope the information above is help. If anything is unclear, please feel free to let us know.
Best Regards,
Daisy Zhou
Hi,
You can also use the following command :
(get-acl (Get-ADOrganizationalUnit -Filter {name -eq “DomainName”}).distinguishedname).access | ft identityreference, accessControlType –AutoSize
##############################""
dsacls “dc=domain,dc=com”
You can refer to the following link to get more details:
https://devblogs.microsoft.com/scripting/use-powershell-to-explore-active-directory-security/
2 people are following this question.
