Forum Search: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » RE: Delegation - Effective Rights
RE: Delegation - Effective Rights [message #156124] Wed, 10 June 2009 16:18
Sanjay Tandon  is currently offline Sanjay Tandon
Messages: 2
Registered: June 2009
Junior Member
Hi Phani,

The good news is that this is a very typical scenario faced by virtually any
organization doing delegations in Active Directory.

The bad news is that this isn't that easy to figure out - what you need to
do is in effect accurately determine the effective resultant access in your
Active Directory.

And while some have suggested the use of dsacls or scripting, neither dsacls
nor scripting in itself can answer the question for you, because these tools
merely show you permissions, WHICH IS NOT THE SAME AS effective delegated

Most IT admins enounter this subtle but important pitfall -

In order to accurately assess delegated access in AD, you can follow the
steps in left column of this page -

Or you could use an automated solution, such as Gold Finger -

Best wishes,
(Former MSFT AD Security PM)

A Windows Server based IT infrastructure is only as secure as is its
underlying Active Directory.

"Phani" wrote:

> We have delegated our OU's to different AD Security groups. Now the delegation has been so much that its difficult to know who has what rights and where, hence i would like to if there is a way to know what permissions does each group have on different OU in the domain.
> Regards
Previous Topic:Workstations hang on running startup script due to GPO
Next Topic:Re: How to limit concurrent connections in active directory
Goto Forum:

Current Time: Sat Oct 21 19:09:53 EDT 2017

Total time taken to generate the page: 0.03500 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software