
Documentation


How to create an HTML report and save it.

1. Click Connect.
2. Select the OU you would like to create a report on.
3. Click Run Scan.
4. On the report, click Export.
5. Type the full path of the file you would like to save and click OK.
6. The file is written to disk. Click OK.
7. To view the report, open Windows Explorer and view the content of C:\LabFiles.
8. Open the file CONTOSO-TEST.htm.
9. View the result in Internet Explorer.
10. Done.
If you like, you can copy the content of the HTML file into Excel to analyze the result.

Last edited Feb 11, 2014 at 8:45 PM by robing, version 7

Comments

chrisagardner63 Jul 9, 2014 at 6:08 PM 
A little late to the game on finding this, and starting at a new company this is exactly what I am looking for. I am having a brain fart on using the Filter. I check Enable Filter, Click Load, enter my domain admin user account (select the box) and get No Permissions Found. Same for any security group name.
All other functionality works as expected.

Lelivienne Dec 13, 2013 at 8:18 AM 
How to use CSV export as an ACL import?
The header is:
#CSV header value: OU,Trustee,Right,inheritance,objectTypeGUID,InheritedObjectTypeGUID,objectACEFlags,AccessControlType,isInherited,inheritanceFlag,propagationFlags

Helpful links:
#http://damianflynn.com/2011/08/23/ad-delegating-control-in-powershell/
#objectACEFlags http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.objectaceflags(v=vs.110).aspx

Some sample script importing ACL into AD:
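param(
    # Path to the CSV file to import
    [Parameter(ParameterSetName="FILE", Mandatory=$true, Position=0)][string]$fileName
)

Import-Module ActiveDirectory

# Each CSV row becomes one ACE added to the OU named in its OU column
$AD_ACLS = Import-Csv $fileName -Delimiter ','
foreach ($ACLentry in $AD_ACLS) {
    $ou = Get-ADOrganizationalUnit $ACLentry.OU
    # The trustee is looked up as an AD group; its SID is the identity of the ACE
    $grpSID = New-Object System.Security.Principal.SecurityIdentifier (Get-ADGroup $ACLentry.Trustee).SID
    $objTypeGUID = New-Object guid $ACLentry.objectTypeGUID
    $inheritedOTGUID = New-Object guid $ACLentry.InheritedObjectTypeGUID
    # Argument order: identity, rights, allow/deny, object type, inheritance, inherited object type
    $ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $grpSID,
        $ACLentry.Right,
        $ACLentry.AccessControlType,
        $objTypeGUID,
        $ACLentry.inheritance,
        $inheritedOTGUID
    )
    # Read the OU's current ACL through the AD: drive, add the ACE, and write the ACL back
    $acl = Get-Acl "AD:$($ou.DistinguishedName)"
    $acl.AddAccessRule($ace)
    Set-Acl -AclObject $acl "AD:$($ou.DistinguishedName)"
}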
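
A dry-run check for a CSV with the header quoted in the comment above, meant to be run before the file is handed to an import script like that one. It is an added example, not part of the original comments or of the AD ACL Scanner project; the function name Test-AclCsvRow, the constructed sample rows, and the assumption that Right and AccessControlType hold .NET enum names and isInherited holds True/False are assumptions of this example.

```powershell
# Added example: validate ACL CSV rows offline; nothing here touches the directory.
Add-Type -AssemblyName System.DirectoryServices

# Constructed sample rows (illustrative values, not output from a real scan).
$sample = @'
OU,Trustee,Right,inheritance,objectTypeGUID,InheritedObjectTypeGUID,objectACEFlags,AccessControlType,isInherited,inheritanceFlag,propagationFlags
"OU=Test,DC=contoso,DC=com",HelpDesk,"ReadProperty, WriteProperty",Descendents,00000000-0000-0000-0000-000000000000,00000000-0000-0000-0000-000000000000,None,Allow,False,ContainerInherit,None
"OU=Test,DC=contoso,DC=com",HelpDesk,GenericAll,All,00000000-0000-0000-0000-000000000000,00000000-0000-0000-0000-000000000000,None,Allow,False,ContainerInherit,None
"OU=Test,DC=contoso,DC=com",Operators,WriteDacl,None,not-a-guid,00000000-0000-0000-0000-000000000000,None,Allow,True,None,None
'@

# Bits that let a trustee rewrite the ACL or take ownership (GenericAll contains both).
$aclControl = [int][System.DirectoryServices.ActiveDirectoryRights]::WriteDacl -bor
              [int][System.DirectoryServices.ActiveDirectoryRights]::WriteOwner

function Test-AclCsvRow {
    param([Parameter(Mandatory = $true)] $Row)
    $issues = @()

    # Right must convert to ActiveDirectoryRights, the type the ACE constructor expects.
    $rights = $Row.Right -as [System.DirectoryServices.ActiveDirectoryRights]
    if (-not $Row.Right -or $null -eq $rights) {
        $issues += "Right '$($Row.Right)' is not a valid ActiveDirectoryRights value"
    } elseif (([int]$rights -band $aclControl) -ne 0) {
        $issues += "REVIEW: '$($Row.Right)' lets the trustee change the ACL or owner"
    }
    if ($null -eq ($Row.AccessControlType -as [System.Security.AccessControl.AccessControlType])) {
        $issues += "AccessControlType '$($Row.AccessControlType)' is not Allow or Deny"
    }
    # Both GUID columns are passed to the Guid constructor on import; a bad value would throw there.
    foreach ($col in 'objectTypeGUID', 'InheritedObjectTypeGUID') {
        $g = [guid]::Empty
        if (-not [guid]::TryParse($Row.$col, [ref]$g)) {
            $issues += "$col '$($Row.$col)' is not a GUID"
        }
    }
    # AddAccessRule always writes an explicit ACE, even when the source ACE was inherited.
    if ($Row.isInherited -eq 'True') {
        $issues += "REVIEW: ACE was inherited in the source; importing it adds an explicit ACE"
    }
    [pscustomobject]@{ OU = $Row.OU; Trustee = $Row.Trustee; Right = $Row.Right; Issues = $issues }
}

# List only the rows that need attention before any Set-Acl call is made.
$report = $sample | ConvertFrom-Csv | ForEach-Object { Test-AclCsvRow $_ }
$report | Where-Object { $_.Issues.Count -gt 0 } | Format-List
```

To check a real export, replace `$sample | ConvertFrom-Csv` with `Import-Csv` on the file path.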