Script or free tool to enumerate AD OU permissions

[Fut Dey]

Hi,

Does anyone have a script or know of a free tool to enumerate permissions set in the Active Directory OUs?

We're trying to document the permissions in our AD tree.

Carl Webster has a pretty nice script but the script doesn't seem to include permissions.

Thanks in advance.

Regards,
Fut

[Kurt Buff, GSEC/GCIH/PCIP]

Many, many...

https://www.netwrix.com/how_to_generate_active_directory_ou_permissions_report.html

https://community.spiceworks.com/how_to/149278-how-to-get-an-active-directory-ou-permissions-report

https://www.easy365manager.com/how-to-document-ou-delegation/

Kurt

> --
> You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CO6PR06MB7300D57521EE5F5F21B35849888D9%40CO6PR06MB7300.namprd06.prod.outlook.com.

[Fut Dey]

Thanks Kurt.

Will check them out.

Regards,

Fut

---

From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> on behalf of Kurt Buff, GSEC/GCIH/PCIP <kurt...@gmail.com>
Sent: Wednesday, February 10, 2021 12:52 PM
To: ntsys...@googlegroups.com <ntsys...@googlegroups.com>
Subject: Re: [ntsysadmin] Script or free tool to enumerate AD OU permissions

 

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce4QvA5tn21xDWv47X%2Bdt_iQiJGfhFzH5zMh7Km6jS83nw%40mail.gmail.com.

[Michael B. Smith]

Carl and I discussed adding permissions to the OU report (optionally part of both AD reports), but the report is ALREADY huge for medium and large companies.

Since it's easy to generate with PS, we decided to leave it out.

-----Original Message-----
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Kurt Buff, GSEC/GCIH/PCIP
Sent: Wednesday, February 10, 2021 3:52 PM
To: ntsys...@googlegroups.com
Subject: Re: [ntsysadmin] Script or free tool to enumerate AD OU permissions

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce4QvA5tn21xDWv47X%2Bdt_iQiJGfhFzH5zMh7Km6jS83nw%40mail.gmail.com.

[Kurt Buff, GSEC/GCIH/PCIP]

That makes sense.

> To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/ba7565e40576452f8a4c76795fed637d%40smithcons.com.

[Denes, Laszlo]

I have used these in the past… not bad…

http://www.cjwdev.co.uk/Software.html

 

http://www.cjwdev.co.uk/Software/NtfsReports/Info.html

NTFS Permissions Reporter

A tool for reporting on NTFS permissions across multiple directories and servers. Produce a report of all permissions or filter results to show only locations that match specific criteria, such as locations that only a specific user or group has access to.

 

http://www.cjwdev.co.uk/Software/ADPermissionsReporter/Info.html

AD Permissions Reporter

Allows you to easily report on security permissions on OUs and other objects in your Active Directory domain. Document permissions on every object in the domain or use the powerful filtering capabilities to only include very specific permission configurations or certain types of objects.

 

Laszlo Denes

Technical Analyst Servers

Information Systems

t: ext. 214

lde...@torontograce.org

 

From: ntsys...@googlegroups.com [mailto:ntsys...@googlegroups.com] On Behalf Of Fut Dey
Sent: Wednesday, February 10, 2021 3:48 PM
To: ntsys...@googlegroups.com
Subject: [ntsysadmin] Script or free tool to enumerate AD OU permissions

 

CAUTION: External mail. Do not open attachments or click links that you do not trust.

--

You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CO6PR06MB7300D57521EE5F5F21B35849888D9%40CO6PR06MB7300.namprd06.prod.outlook.com.

________________________________________
NOTICE: This message, including any attachments, may contain privileged or confidential information and is intended for use only by the individual to whom it is specifically addressed (or those responsible for the delivery of the message to such person). Any distribution, copying or disclosure is strictly prohibited without the written consent of the sender. If you are not the intended recipient or have received this message in error, please notify us by reply email and permanently delete the original transmission from us. Thank you for your cooperation. If you have any questions about this message please contact the Information Systems Department, Salvation Army Toronto Grace Health Centre, 650 Church St., Toronto, ON M4Y 2G5. Phone: (416) 925-2251

[Heaton, Joseph@Wildlife]

We love the NTFS Reporter.  Great tool, but can make HUGE excel reports…

 

From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Denes, Laszlo
Sent: Friday, February 12, 2021 5:28 AM
To: ntsys...@googlegroups.com
Subject: [ntsysadmin] RE: Script or free tool to enumerate AD OU permissions

 

Warning: This email originated from outside of CDFW and should be treated with extra caution.

 

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/6167e8e989de433d9f9fdbb48b920715%40TGHVSEX2013ACT.torontograce.org.

[Fut Dey]

Thanks for the links and the additional apps Laszlo.

Regards,

Fut

---

From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> on behalf of Denes, Laszlo <lde...@torontograce.org>
Sent: Friday, February 12, 2021 5:27 AM
To: ntsys...@googlegroups.com <ntsys...@googlegroups.com>
Subject: [ntsysadmin] RE: Script or free tool to enumerate AD OU permissions

 

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/6167e8e989de433d9f9fdbb48b920715%40TGHVSEX2013ACT.torontograce.org.