Here you go, but the dsacls in no way looks like the
Advance tap in Security:
Access list:
{This object is protected from inheriting permissions from
the parent}
Effective Permissions on this object are:
Allow NT AUTHORITY\Authenticated Users SPECIAL
ACCESS
READ
PERMISSONS
LIST
CONTENTS
READ
PROPERTY
LIST
OBJECT
Allow BUILTIN\Administrators SPECIAL
ACCESS
DELETE
READ
PERMISSONS
WRITE
PERMISSIONS
CHANGE
OWNERSHIP
CREATE
CHILD
DELETE
CHILD
LIST
CONTENTS
WRITE
SELF
WRITE
PROPERTY
READ
PROPERTY
LIST
OBJECT
CONTROL
ACCESS
Allow HENRYMAYO\Enterprise Admins SPECIAL
ACCESS
READ
PERMISSONS
WRITE
PERMISSIONS
CHANGE
OWNERSHIP
CREATE
CHILD
DELETE
CHILD
LIST
CONTENTS
WRITE
SELF
WRITE
PROPERTY
READ
PROPERTY
LIST
OBJECT
CONTROL
ACCESS
Allow HENRYMAYO\Domain Admins SPECIAL
ACCESS
READ
PERMISSONS
WRITE
PERMISSIONS
CHANGE
OWNERSHIP
CREATE
CHILD
DELETE
CHILD
LIST
CONTENTS
WRITE
SELF
WRITE
PROPERTY
READ
PROPERTY
LIST
OBJECT
CONTROL
ACCESS
Allow NT AUTHORITY\SYSTEM FULL
CONTROL
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL
ACCESS
READ
PERMISSONS
LIST
CONTENTS
READ
PROPERTY
LIST
OBJECT
Allow HENRYMAYO\Exchange Enterprise Servers SPECIAL
ACCESS
LIST
CONTENTS
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL
ACCESS for Remote Access Information
READ
PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL
ACCESS for General Information
READ
PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL
ACCESS for Group Membership
READ
PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL
ACCESS for Account Restrictions
READ
PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL
ACCESS for Logon Information
READ
PROPERTY
Allow HENRYMAYO\Exchange Enterprise Servers SPECIAL
ACCESS for Public Information
WRITE
PROPERTY
READ
PROPERTY
Allow HENRYMAYO\Exchange Enterprise Servers SPECIAL
ACCESS for Personal Information
WRITE
PROPERTY
READ
PROPERTY
Allow HENRYMAYO\Exchange Enterprise Servers SPECIAL
ACCESS for displayName
WRITE
PROPERTY
READ
PROPERTY
Allow Everyone Change
Password
Permissions inherited to subobjects are:
Inherited to all subobjects
Allow HENRYMAYO\Exchange Enterprise Servers SPECIAL
ACCESS
LIST
CONTENTS
Allow HENRYMAYO\Exchange Enterprise Servers SPECIAL
ACCESS for Public Information
WRITE
PROPERTY
READ
PROPERTY
Allow HENRYMAYO\Exchange Enterprise Servers SPECIAL
ACCESS for Personal Information
WRITE
PROPERTY
READ
PROPERTY
Allow HENRYMAYO\Exchange Enterprise Servers SPECIAL
ACCESS for displayName
WRITE
PROPERTY
READ
PROPERTY
The command completed successfully
-----Original Message-----
A simple dsacls dump will show the permissions on a specific object and verify
that nothing is overriding what you think you
accomplished with the GUI. It is