Re: Re: Finding Delegated users ,,,Need Imd Help

From: Jorge_de_Almeida_Pinto <DoNotEmail@xxxxxxxxxxxxxxxxx>
Date: 23 Jun 2005 22:35:59 -0400

"Cary Shultz A.D. M" wrote:
> Jorge,
>
> I was thinking about adfind. Was also thinking about
> DSACL.......I am just
> very tired ( little one is teething and not getting a lot of
> sleep ) so
> things are a little less than clear for this old man!
>
> --
> Cary W. Shultz
> Roanoke, VA 24012
> Microsoft Active Directory MVP
>
> http://www.activedirectory-win2000.com
> http://www.grouppolicy-win2000.com
>
>
>
> "Jorge_de_Almeida_Pinto" <UseLinkToEmail@xxxxxxxxxxxxxxxxx>
> wrote in message
> news:3_1738135_acc967bdf4bae6d031b544007e91c221@xxxxxxxxxxxxxxxxxxxx
> > "santosh" wrote:
>  > > Hi All,
>  > > Anyone know how to search for users whom the
> administrator
>  > > have delegated
>  > > rights to create,delete...etc
>  > > My Administrator has moved to diff department,I have
> taken
>  > > over and as a
>  > > security concern I would just want to check
> these,can somebody
>  > > help me on
>  > > this..
>  > > Thanks
>  > > San
> >
> > Hello,
> >
> > If you know which groups/users have been delegated
> permissions but you
> > don't know where, you could use DSREVOKE from MS (google for
> it and
> > you willl find it)
> >
> > Another way to search is to search for all defined
> permissions on OUs
> > using ADFIND from JOEWARE.NET
> >
> > adfind -b "DC=<DOMAIN>,DC=<TLD>" -f
> > "(objectCategory=OrganizationalUnit)" -sddc
> ntsecuritydescriptor
> >
> > With this command you can get the security descriptors but
> they are in
> > SDDL format and you need to convert that to human readable
> text.
> > I at the moment don't know how to do that, but maybe the guy
> at
> > joeware.net know.
> >
> > For more info on SDDL see
> > http://www.washington.edu/computing/support/windows/UWdomains/SDDL.html
> >
> > Cheers
> >
> > --
> > Posted using the http://www.windowsforumz.com interface, at author's
> > request
> > Articles individually checked for conformance to usenet
> standards
> > Topic URL:
> > http://www.windowsforumz.com/Active-Directory-Finding-Delegated-users-Imd-Help-ftopict549240.html
> > Visit Topic URL to contact author (reg. req'd). Report
> abuse:
> > http://www.windowsforumz.com/eform.php?p=1738135

Hi Cary,

DSACLS and ACLDIAG can not help the guy with what he wants.
Both wil do fine to grant/read permissions on single objects.

Het wants to go through AD and what the delegations are what simply
means "check all security descriptors" and report into a file

ADFIND from Joeware works OK, but it reports in SDDL format and humans
don?t really like that format. I once downloaded a SDDL parser that
converts one string at a time to a readable format. I tried to search
for it again but I did not succeed

hehe... the little one thinks "i can?t sleep, so you can?t sleep!"
;-)

Cheers,
.

References:
- Re: Finding Delegated users ,,,Need Imd Help
  - From: Cary Shultz [A.D. MVP]

Prev by Date: Re: Re: SMTP will not start - Error in DCDIAG
Next by Date: Utility for listing policies in Active Directory
Previous by thread: Re: Finding Delegated users ,,,Need Imd Help
Next by thread: LDIFDE Question
Index(es):
- Date
- Thread