question

GarethDavies-1501 avatar image
0 Votes"
GarethDavies-1501 asked GaryReynolds answered

AD security group permissions

I am in the process of cleaning up an inherited AD. To put it simply, it's a mess with no obvious, or even obscure pattern or apparent planning involved in its evolution.
I have numerous security groups in the users container, some are empty so not a problem but others have members and I can't find any permissions set on NTFS shares or in Azure/Office 365.
I would like to be sure there is nothing I have missed so is there any way to pull a report on permissions assigned to a group?

windows-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hello @GarethDavies-1501

I can recommend the next discussion for ideas about a script to pull the information for you:

https://social.technet.microsoft.com/Forums/lync/en-US/5b2a4c00-d67f-41b6-b0e4-f00ae988db5f/powershell-script-to-list-a-servers-users-groups-permissions-etc?forum=winserverpowershell

I usually have this script to tell what are the access to specific directory:

 $FolderPath = Get-ChildItem -Directory -Path "C:\mydirectory" -Recurse -Force
 $Output = @()
 ForEach ($Folder in $FolderPath) {
     $Acl = Get-Acl -Path $Folder.FullName
     ForEach ($Access in $Acl.Access) {
 $Properties = [ordered]@{'Folder Name'=$Folder.FullName;'Group/User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
 $Output += New-Object -TypeName PSObject -Property $Properties            
 }
 }
 $Output | Out-GridView

Hope this helps with your query,


--If the reply is helpful, please Upvote and Accept as answer--

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GaryReynolds avatar image
0 Votes"
GaryReynolds answered

Hi @GarethDavies-1501

Have a look at this post which provide a simple and fast way to search the AD for any permissions assigned to a user or group.

https://nettools.net/how-to-find-assigned-permissions-in-ad/

Gary.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.