AD security group permissions

Gareth Davies 21 Reputation points
2021-11-04T14:21:49.253+00:00

I am in the process of cleaning up an inherited AD. To put it simply, it's a mess with no obvious, or even obscure, pattern or apparent planning involved in its evolution.
I have numerous security groups in the Users container; some are empty, so not a problem, but others have members and I can't find any permissions set on NTFS shares or in Azure/Office 365.
I would like to be sure there is nothing I have missed, so is there any way to pull a report on permissions assigned to a group?


2 answers

  1. Limitless Technology 39,336 Reputation points
    2021-11-04T19:25:22.27+00:00

    Hello @Gareth Davies

    I can recommend the following discussion for ideas about a script to pull the information for you:

    https://social.technet.microsoft.com/Forums/lync/en-US/5b2a4c00-d67f-41b6-b0e4-f00ae988db5f/powershell-script-to-list-a-servers-users-groups-permissions-etc?forum=winserverpowershell

    I usually use this script to tell what the access is to a specific directory:

    # Collect every ACE on each subfolder of the target directory
    $FolderPath = Get-ChildItem -Directory -Path "C:\mydirectory" -Recurse -Force
    $Output = @()
    ForEach ($Folder in $FolderPath) {
        $Acl = Get-Acl -Path $Folder.FullName
        ForEach ($Access in $Acl.Access) {
            $Properties = [ordered]@{
                'Folder Name' = $Folder.FullName
                'Group/User'  = $Access.IdentityReference
                'Permissions' = $Access.FileSystemRights
                'Inherited'   = $Access.IsInherited
            }
            $Output += New-Object -TypeName PSObject -Property $Properties
        }
    }
    # Show the results in a sortable, filterable grid
    $Output | Out-GridView

    Hope this helps with your query,

  2. Gary Reynolds 9,391 Reputation points
    2021-11-04T20:25:48.443+00:00

    Hi @Gareth Davies

    Have a look at this post, which provides a simple and fast way to search the AD for any permissions assigned to a user or group.

    https://nettools.net/how-to-find-assigned-permissions-in-ad/

    Gary.
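
An added example, not code from either answer or the linked posts: it reports only the ACEs that name one group, on both a folder tree and AD objects, and also matches every group the target is nested in, since access is often granted to a parent group. The function name `Find-GroupAce`, its parameters, and the sample group, share and OU in the last line are assumptions; it needs the ActiveDirectory module (RSAT).

```powershell
Import-Module ActiveDirectory   # also mounts the AD: drive used below

function Find-GroupAce {        # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [string]$FolderRoot,    # root of a folder tree to scan
        [string]$SearchBase     # distinguished name of the AD subtree to scan
    )
    $group = Get-ADGroup -Identity $GroupName
    # LDAP_MATCHING_RULE_IN_CHAIN: every group that contains $group,
    # directly or through nesting. An ACE on any of them applies to its members.
    $chain = "(member:1.2.840.113556.1.4.1941:=$($group.DistinguishedName))"
    $sids = @{}
    $sids[$group.SID.Value] = $group.Name
    Get-ADGroup -LDAPFilter $chain | ForEach-Object { $sids[$_.SID.Value] = $_.Name }

    $paths = @()
    if ($FolderRoot) {
        $paths += $FolderRoot
        $paths += @(Get-ChildItem -LiteralPath $FolderRoot -Directory -Recurse -Force `
                        -ErrorAction SilentlyContinue | ForEach-Object { $_.FullName })
    }
    if ($SearchBase) {
        $paths += @(Get-ADObject -Filter * -SearchBase $SearchBase |
                        ForEach-Object { "AD:\$($_.DistinguishedName)" })
    }

    # Ask for SIDs rather than names so renamed groups still match.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($path in $paths) {
        $acl = Get-Acl -Path $path -ErrorAction SilentlyContinue
        if (-not $acl) { continue }   # unreadable object: skip it
        # Explicit ACEs only: inherited ones repeat a grant made higher up.
        foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
            $sid = $ace.IdentityReference.Value
            if (-not $sids.ContainsKey($sid)) { continue }
            $rights = if ($ace -is [System.Security.AccessControl.FileSystemAccessRule]) {
                $ace.FileSystemRights } else { $ace.ActiveDirectoryRights }
            [pscustomobject]@{
                Object = $path; GrantedTo = $sids[$sid]
                Type = $ace.AccessControlType; Rights = $rights
            }
        }
    }
}

# Constructed sample values: replace with your own group, share and OU.
Find-GroupAce -GroupName 'Legacy-Group' -FolderRoot '\\fileserver\share' -SearchBase 'OU=Staff,DC=example,DC=com'
```

An empty result covers only the scanned folder tree and AD subtree; share-level permissions, local groups on member servers, GPO security filtering and Azure/Office 365 assignments are stored elsewhere and are not checked here.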