Sdcheck Overview

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Tool Location

The Sdcheck command-line tool is included when you install Windows Server 2003 Support Tools from the product CD or from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=100114). For more information about how to install Windows Support Tools from the product CD, see Install Windows Support Tools (https://go.microsoft.com/fwlink/?LinkId=62270).

Sdcheck.exe: Security Descriptor Check Utility

This command-line tool displays the security descriptor for any object stored in Active Directory. The security descriptor contains the access control lists (ACLs) defining the permissions that users have on objects stored in Active Directory.

Notes

  • You must run SDCheck from a command window.

  • To enable administrators to determine the effective access controls on an object, SDCheck also displays the object hierarchy and any ACLs that are inherited by the object from its parent.

  • As changes are made to the ACLs of an object or its parent, these changes are propagated automatically by Active Directory. SDCheck displays the security descriptor propagation metadata, so that administrators can monitor these changes with respect to propagation of inherited ACLs, as well as replication of ACLs from other domain controllers.

  • As a complement to the replication monitoring tools (Repadmin.exe and Replmon.exe), SDCheck can be used to ensure that domain controllers are up-to-date with one another.

Corresponding UI

There is no corresponding user interface for this tool.

Concepts

Every container and object on the network or in Active Directory has a set of access control information attached to it, known as a security descriptor. A security descriptor contains the security information associated with a securable object. In Windows Server 2003 operating systems, the security descriptor is automatically created when an object is created.

System Requirements

The following are the system requirements for SDCheck:

  • Windows Server 2003 or Windows XP Professional

File Required

  • Sdcheck.exe

See Also

Concepts

Sdcheck Remarks Sdcheck Syntax Sdcheck Examples Alphabetical List of Tools Xcacls Overview Sidwkr.dll Sidwalker Security Administration Tools Sidwalk Overview Showaccs Overview Sdcheck Overview Ktpass Overview Ksetup Overview Getsid Overview Addiag.exe Search Overview Replmon Overview Repadmin Overview Movetree.exe Ldp Overview Dsastat Overview Clonepr Overview ADSI Edit (adsiedit.msc) Acldiag Overview