Re: Finding Delegated users ,,,Need Imd Help

Jorge,

I was thinking about adfind. Was also thinking about DSACL.......I am just
very tired ( little one is teething and not getting a lot of sleep ) so
things are a little less than clear for this old man!

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"Jorge_de_Almeida_Pinto" <UseLinkToEmail@xxxxxxxxxxxxxxxxx> wrote in message
news:3_1738135_acc967bdf4bae6d031b544007e91c221@xxxxxxxxxxxxxxxxxxxx
> "santosh" wrote:
> > Hi All,
> > Anyone know how to search for users whom the administrator
> > have delegated
> > rights to create,delete...etc
> > My Administrator has moved to diff department,I have taken
> > over and as a
> > security concern I would just want to check these,can somebody
> > help me on
> > this..
> > Thanks
> > San
>
> Hello,
>
> If you know which groups/users have been delegated permissions but you
> don't know where, you could use DSREVOKE from MS (google for it and
> you willl find it)
>
> Another way to search is to search for all defined permissions on OUs
> using ADFIND from JOEWARE.NET
>
> adfind -b "DC=<DOMAIN>,DC=<TLD>" -f
> "(objectCategory=OrganizationalUnit)" -sddc ntsecuritydescriptor
>
> With this command you can get the security descriptors but they are in
> SDDL format and you need to convert that to human readable text.
> I at the moment don't know how to do that, but maybe the guy at
> joeware.net know.
>
> For more info on SDDL see
> http://www.washington.edu/computing/support/windows/UWdomains/SDDL.html
>
> Cheers
>
> --
> Posted using the http://www.windowsforumz.com interface, at author's
> request
> Articles individually checked for conformance to usenet standards
> Topic URL:
> http://www.windowsforumz.com/Active-Directory-Finding-Delegated-users-Imd-Help-ftopict549240.html
> Visit Topic URL to contact author (reg. req'd). Report abuse:
> http://www.windowsforumz.com/eform.php?p=1738135


.

Relevant Pages

  • Re: Re: Finding Delegated users ,,,Need Imd Help
    ... > permissions on OUs ... >> using ADFIND from JOEWARE.NET ... but it reports in SDDL format and humans ... the little one thinks "i can?t sleep, ...
    (microsoft.public.win2000.active_directory)
  • Re: Dump Domain Admins group to text?
    ... > Does anyone know how to dump the Domain Admins group to a text ... > trying to use adfind, but I'm not much of an LDAP querier. ... Visit Topic URL to contact author (reg. ...
    (microsoft.public.win2000.security)