" List the permissions for a specific user / security group on a specific Active Directory object. "
You probably already know the dsacls command.
But let us face it: it is too much verbose and hard to filter.
Powershell is the key, once more.
On the Indeted! blog, the author explains us its Get-DsAcl powershell implementation.
Here is an example to display the FIMcmCertmgrs rights on the objects named FIMcmUsers : (which in our case is a security group):
Get-DSAcl -searchRoot "DC=contoso,DC=com" -LdapFilter "(name=FIMcmUsers)" select-string FIMcmCertmgrs
Output:
View Fabien DUCHENE's profile
No comments:
Post a Comment