Active Directory User Properties Security Information

Welcome Forums General PowerShell Q&A Active Directory User Properties Security Information

Viewing 1 reply thread
  • Author
    Posts
    • #181644
      Participant
      Topics: 1
      Replies: 1
      Points: 14
      Rank: Member

      You know when you open a user's properties in Active Directory and there is a security tab.  It is my understanding that this is a user's ACL and it shows security groups that have been applied to a user via methods such as manual assignment, delegation, and GPOs for example.  I am looking for a way to check to see if there is a security group applied to all my users.  So I'm looking for a PS command that will output all users with a specific ACL applied to them and all users that are missing a specific ACL.  I think I could get all my users and their ACLs and then filter this list for a specific applied security group (present or not present).  Thanks for your time and assistance.

    • #181680
      Participant
      Topics: 6
      Replies: 108
      Points: 304
      Helping Hand
      Rank: Contributor

      This should get you started. You'll need to get a list of all users and then run this against each of them to figure out who has the ACL you're looking for.

      PS E:\> (get-acl -path "AD:CN=User1,OU=People,DC=MyDomain,DC=com").access | Where IdentityReference -eq "MyDomain\domain admins"
      
      
      ActiveDirectoryRights : CreateChild, DeleteChild, Self, WriteProperty, ExtendedRight, GenericRead, WriteDacl,
                              WriteOwner
      InheritanceType       : None
      ObjectType            : 00000000-0000-0000-0000-000000000000
      InheritedObjectType   : 00000000-0000-0000-0000-000000000000
      ObjectFlags           : None
      AccessControlType     : Allow
      IdentityReference     : MyDomain\Domain Admins
      IsInherited           : False
      InheritanceFlags      : None
      PropagationFlags      : None
      • #181773
        Participant
        Topics: 1
        Replies: 1
        Points: 14
        Rank: Member

        Thank you Charles for this code.  Can  you tell me how to get a list of users WITH their acl properties?

Viewing 1 reply thread
  • The topic ‘Active Directory User Properties Security Information’ is closed to new replies.