Have a look at this post which provide a simple and fast way to search the AD for any permissions assigned to a user or group.
https://nettools.net/how-to-find-assigned-permissions-in-ad/
Gary.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I am in the process of cleaning up an inherited AD. To put it simply, it's a mess with no obvious, or even obscure pattern or apparent planning involved in its evolution.
I have numerous security groups in the users container, some are empty so not a problem but others have members and I can't find any permissions set on NTFS shares or in Azure/Office 365.
I would like to be sure there is nothing I have missed so is there any way to pull a report on permissions assigned to a group?
Have a look at this post which provide a simple and fast way to search the AD for any permissions assigned to a user or group.
https://nettools.net/how-to-find-assigned-permissions-in-ad/
Gary.
Hello @Gareth Davies
I can recommend the next discussion for ideas about a script to pull the information for you:
I usually have this script to tell what are the access to specific directory:
$FolderPath = Get-ChildItem -Directory -Path "C:\mydirectory" -Recurse -Force
$Output = @()
ForEach ($Folder in $FolderPath) {
$Acl = Get-Acl -Path $Folder.FullName
ForEach ($Access in $Acl.Access) {
$Properties = [ordered]@{'Folder Name'=$Folder.FullName;'Group/User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
$Output += New-Object -TypeName PSObject -Property $Properties
}
}
$Output | Out-GridView
Hope this helps with your query,
----------
--If the reply is helpful, please Upvote and Accept as answer--