Robin Granberg edited this page Jul 22, 2022 · 21 revisions

AD ACL Scanner

AD ACL Scanner is a powerful, lightweight PowerShell GUI and command-line tool that gives detailed information about the ACLs (Access Control Lists) in Active Directory or Active Directory Lightweight Directory Services (AD LDS).

Using S.DS.P (System.DirectoryServices.Protocols), AD ACL Scanner connects to a directory server and exports, compares and reports ACLs based on your search.
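The following is an added example, not AD ACL Scanner's own code, showing the S.DS.P approach the tool builds on in plain PowerShell: bind to the directory, fetch nTSecurityDescriptor for every OU under a base DN, decode it into ActiveDirectorySecurity, and list the ACEs granted to one principal. The server name, base DN and principal are assumptions; replace them for your environment.

```powershell
# Added example (not AD ACL Scanner's own code): read OU DACLs over LDAP with S.DS.P
# and list the ACEs that name a given principal. Server, base DN and principal are assumptions.
Add-Type -AssemblyName System.DirectoryServices.Protocols
Add-Type -AssemblyName System.DirectoryServices

$Server    = 'dc01.contoso.com'                 # assumption: any DC or AD LDS instance
$BaseDn    = 'dc=contoso,dc=com'                # assumption
$Principal = 'CONTOSO\task-user-manage-users'   # assumption: NT account name of the group

# Resolve the principal to a SID once; ACEs store SIDs, and comparing SIDs avoids
# name-translation failures for orphaned SIDs found in old ACLs.
$PrincipalSid = (New-Object System.Security.Principal.NTAccount($Principal)).Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value

$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($Server)
$conn.SessionOptions.Signing = $true   # LDAP signing + sealing so descriptors are not sent in clear
$conn.SessionOptions.Sealing = $true
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$conn.Bind()                           # current user's Kerberos/NTLM credentials

# Request only the DACL, owner and group parts of the security descriptor. Asking for the
# SACL as well requires SeSecurityPrivilege, and the attribute comes back empty for ordinary readers.
$masks = [System.DirectoryServices.Protocols.SecurityMasks]::Dacl -bor `
         [System.DirectoryServices.Protocols.SecurityMasks]::Owner -bor `
         [System.DirectoryServices.Protocols.SecurityMasks]::Group
$sdFlags = New-Object System.DirectoryServices.Protocols.SecurityDescriptorFlagControl($masks)

$req = New-Object System.DirectoryServices.Protocols.SearchRequest(
    $BaseDn,
    '(objectClass=organizationalUnit)',
    [System.DirectoryServices.Protocols.SearchScope]::Subtree,
    @('nTSecurityDescriptor'))
$req.Controls.Add($sdFlags) | Out-Null

$resp = $conn.SendRequest($req)
foreach ($entry in $resp.Entries) {
    # nTSecurityDescriptor is binary; ask for it as byte[] explicitly.
    $raw = $entry.Attributes['nTSecurityDescriptor'].GetValues([byte[]])[0]
    $sd  = New-Object System.DirectoryServices.ActiveDirectorySecurity
    $sd.SetSecurityDescriptorBinaryForm($raw)

    # Explicit and inherited ACEs, identities left as SIDs.
    $rules = $sd.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules | Where-Object { $_.IdentityReference.Value -eq $PrincipalSid }) {
        [pscustomobject]@{
            Object              = $entry.DistinguishedName
            Type                = $ace.AccessControlType      # Allow / Deny
            Rights              = $ace.ActiveDirectoryRights
            ObjectType          = $ace.ObjectType            # extended right, attribute or class GUID; all-zero = any
            InheritedObjectType = $ace.InheritedObjectType   # class the ACE applies to when inherited
            InheritanceType     = $ace.InheritanceType
            IsInherited         = $ace.IsInherited
        }
    }
}
$conn.Dispose()
```

ObjectType and InheritedObjectType are raw GUIDs here; resolving them to schema and extended-right names (and deciding what counts as a default or critical permission) is exactly the work AD ACL Scanner does for you. In large directories the search also needs the LDAP paged-results control, since a single response is capped by the server's MaxPageSize.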

AD ACL Scanner is developed by Robin Granberg.

GUI

Examples

  • Get the group called "task-user-manage-users" permissions through the whole domain and display it in a HTML report

CLI

Help

For the full parameter reference, run: get-help .\ADACLScan.ps1 -Full

Examples

  • Get the permissions of the group called "task-user-manage-users" throughout the whole domain and display them in an HTML report

.\ADACLScan.ps1 -b "dc=contoso,dc=com" -EffectiveRightsPrincipal task-user-manage-users -Scope subtree -Output HTML -Show

  • Get the permissions of the group called "task-user-manage-users" throughout the whole domain, but skip default permissions and built-in groups, then display them in an HTML report

.\ADACLScan.ps1 -b "dc=contoso,dc=com" -EffectiveRightsPrincipal task-user-manage-users -Scope subtree -SkipDefaults -SkipBuiltIn -Output HTML -Show

  • Get all permissions on all OUs in the domain, with color-coded criticality

.\ADACLScan.ps1 -b "dc=contoso,dc=com" -ShowCriticalityColor -Scope subtree -Output HTML -Show
