Active Directory User Properties Security Information

Welcome Forums General PowerShell Q&A Active Directory User Properties Security Information

This topic contains 2 replies, has 2 voices, and was last updated by

1 week, 5 days ago.

  • Author
  • #181644

    Topics: 1
    Replies: 1
    Points: 14
    Rank: Member

    You know when you open a user's properties in Active Directory and there is a security tab.  It is my understanding that this is a user's ACL and it shows security groups that have been applied to a user via methods such as manual assignment, delegation, and GPOs for example.  I am looking for a way to check to see if there is a security group applied to all my users.  So I'm looking for a PS command that will output all users with a specific ACL applied to them and all users that are missing a specific ACL.  I think I could get all my users and their ACLs and then filter this list for a specific applied security group (present or not present).  Thanks for your time and assistance.

  • #181680

    Topics: 6
    Replies: 97
    Points: 239
    Helping Hand
    Rank: Participant

    This should get you started. You'll need to get a list of all users and then run this against each of them to figure out who has the ACL you're looking for.

    PS E:\> (get-acl -path "AD:CN=User1,OU=People,DC=MyDomain,DC=com").access | Where IdentityReference -eq "MyDomain\domain admins"
    ActiveDirectoryRights : CreateChild, DeleteChild, Self, WriteProperty, ExtendedRight, GenericRead, WriteDacl,
    InheritanceType       : None
    ObjectType            : 00000000-0000-0000-0000-000000000000
    InheritedObjectType   : 00000000-0000-0000-0000-000000000000
    ObjectFlags           : None
    AccessControlType     : Allow
    IdentityReference     : MyDomain\Domain Admins
    IsInherited           : False
    InheritanceFlags      : None
    PropagationFlags      : None
    • #181773

      Topics: 1
      Replies: 1
      Points: 14
      Rank: Member

      Thank you Charles for this code.  Can  you tell me how to get a list of users WITH their acl properties?

You must be logged in to reply to this topic.