Hi All,
All software projects take twice the estimated schedule, so
not on Tuesday, but now on Thursday there is finally the script to dump all AD
ACEs at the end of the page http://www.kouti.com/scripts.htm
A few comments:
- As always, you would get most of the results using just
end-user permissions
- The script works fastest, when run on a DC. They don't
often have Excel installed, so I modified the script to create an HTML file
instead of direct Excel dumping. You can copy this HTML file to a workstation,
right-click the table in IE and select Export to Microsoft
Excel.
- You can specify the root of dumping in an
inputbox.
- By modifying three lines in the beginning of the script,
you can specify:
- Whether to scan only OUs or also other
object classes
- Whether to scan only normal-view objects or also advanced-view objects
- Whether to display all ACEs or only non-inherited
- Whether to scan only normal-view objects or also advanced-view objects
- Whether to display all ACEs or only non-inherited
Please
let me know if you find bugs or have minor :-) feature suggestions. Note that
the script is not bullet proof. For example, it breaks, if you try to run it as
a standalone user, with no access to AD (no graceful exit, that
is).
Yours,
Sakari
PS.
Thanks for the congrats on my third child.
