So says joe (of joeware):
Interestingly I just made a slide up for this exact question for Dean and my presentation for DEC... Guess no one has to show up now that I have given away what we will talk about... Anyway... adfind -default -sc aclnoinherit will show all objects in the default Domain NC that have inheritence disabled if you then add to it ... -f objectcategory=person and it will just show user/contact objects. joe Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Monday, February 25, 2008 6:04 PM To: 'NT System Admin Issues' Subject: RE: AD user property export Inherit WHICH permissions? If you can already script, you can get what you need from a sample ACL script I wrote. And I wouldn't be surprised if iCACLS couldn't do this. Or subinacl. http://theessentialexchange.com/blogs/michael/archive/2007/11/13/displaying- security-on-active-directory-exchange-and-registry-objects.aspx Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: David Lum [mailto:[EMAIL PROTECTED] Sent: Monday, February 25, 2008 5:30 PM To: NT System Admin Issues Subject: RE: AD user property export Bump once.anyone? From: David Lum [mailto:[EMAIL PROTECTED] Sent: Friday, February 22, 2008 11:25 AM To: NT System Admin Issues Subject: AD user property export I need to find all my AD user accounts that do not inherit their permissions from their parent OU - anyone have a script for that, or send me what attribute I need to specify? Dave Lum - Systems Engineer [EMAIL PROTECTED] - (971)-222-1025 "When you step on the brakes your life is in your foot's hands" ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
