Is there a tool that can list the permissions on Active Directory (i.e. who has permissions to perfrom different taks such as change passwords, add groups, etc)?
Iam not aware of any AD tool that does that but there are some third - party
tools that you can use to manage, audit, troubleshoot the file/foler etc
level permissions. For ex: you can use the netiq FSA which gives you an
overall preview of ntfs and share permissions on the file/folders etc. you
can download a trial and try it out in you lab environment.
-Jim
Timboi said:
Is there a tool that can list the permissions on Active Directory (i.e.
Well the first thing to keep in mind that that can be set very granular in AD.
You can look at the ACL's (the security list that says who can do what to whom
or what) via the command line tool DSACLS or you can look at it in a GUI way via
Active Directory Users and Computers. As for creating say a report... You would
have to look at something like Active Roles from Quest/FastLane.
