ADACLScan4.3.ps1

Downloads: 1072
Released: May 2, 2016
Updated: May 2, 2016 by robing
Dev status: Stable

Recommended Download

Source Code ADACLScan4.3.ps1
source code, 494K, uploaded May 2, 2016 - 1072 downloads

Release Notes

Version 4.3.0

2 May, 2016

SHA256: 3473DDB452DE7640FAB03CAD3E8AAF6A527BDD6A7A311909CFEF9DE0B4B78333

New Features
  • You can exclude multiple paths: for each object, select it and right-click to choose Exclude.

Fixed issues
  • Unresolved security principals were shown as empty instead of as their SID.
  • Searching for SIDs included built-in groups that were not translated before comparing.

Version 4.2.0

14 April, 2016

SHA256: F340F6B56F11F879ED8A4C0DDA751FFF9538EE5105B2C0F39C79BED218E985E2

Fixed issues
  • The validated write was expressed as only "Self" in the report.
  • The validated write was never enumerated from the list of ControlAccessRights.

Version 4.1.0

12 April, 2016

SHA256: BE7ECB91AA0F819A1796739B0491CA4691DCBE718410CA8A7F9358B600754B2A

Fixed issues
  • Comparison of built-in groups differed between running on a DC and on a domain member.
  • Connecting to a custom DC did not collect forest info.

Version 4.0.0

11 April, 2016

SHA256: C72CD69C0E15C1A9A276485FD5073F958B26B1A777928740C67B7E347F38938B

New Features
  • Faster compare of Access Control Lists using USN from replication metadata.
  • Primary directory service API changed to System.DirectoryServices.Protocols (S.DS.P).
  • Connect to a custom directory server and port, such as a mounted backup or snapshot of NTDS.dit.
  • Support for scanning AD LDS Instances.
  • Name translation of AD LDS Identity references in security descriptor.
  • Option to connect using credentials.
  • Export defaultSecurityDescriptor.
  • Compare DefaultSecurityDescriptor.
  • Download OS-specific CSV templates for defaultSecurityDescriptor.
  • Connection Information tab provides information about the current connection.
  • Resizable Window

Fixed issues
  • Change the column name in the header from "OU" to "Object".
  • Displaying forest information such as FFL, DFL, schema version, and Exchange and Lync schema versions did not work due to wrong formatting of attributes.
  • Solved problem with returning schema version information about Exchange and Lync.
  • Minor improvements in the GUI.

Version 3.2.0

7 September, 2015

SHA1: 61CB4D160B4003FDF51FFACDB777FF0DC28D83D1

New Features
  • Report single or all classSchema objects default security descriptor.
  • Option to select between DACL or SDDL output of default security descriptors.
  • Displays forest information such as FFL, DFL, schema version, and Exchange and Lync schema versions.

Version 3.1.0

2 September, 2015

SHA1: EBBB7083BE00108B14B661016A0D049EFF092971

New Features
  • Option to show the objectClass of reported objects.
  • Option to skip ACEs for "Protect object from accidental deletion".
  • Error control on .NET Framework CLRVersion.

Version 3.0.1

10 July, 2015


Fixed issues
  • Reporting on modified default security descriptors in Schema did not work in Windows 10 or Windows Server Technical Preview 2.

Version 3.0

9 July, 2015

New Features
  • You can take a CSV file from one domain and use it for another. By replacing the old DN with the current domain's, you can reuse reports between domains. You can also replace the NetBIOS (short domain) name in security principals.
  • Reporting on modified default security descriptors in Schema.
  • Verifying the format of the CSV files used in convert and compare functions.
  • When comparing with a CSV file, nodes missing in AD will be reported as "Node does not exist in AD".
  • The progress bar can be disabled to gain speed in creating reports.
  • If the first node in the CSV file used for comparing can't be connected to, the scan will stop.

Fixed issues
  • Only the first node in the CSV file was used in the comparison; the rest were skipped.
  • If a node in the CSV file did not exist in AD, the comparison failed.

Version 2.2.2

7 July, 2015

Fixed issues
  • If you ran AD ACL Scanner in Windows 10 or Windows Server Technical Preview 2, you would always get a mismatch when comparing. Problem fixed with an if statement on System.Enum in PowerShell 5.

Version 2.2.1

6 July, 2015

New Features
  • Number of excluded objects reported in Log.

Fixed issues
  • Broken scan! Everything was excluded when searching Onelevel or Subtree.

Version 2.2.0

4 July, 2015

New Features
  • Refresh nodes by right-clicking a container object.
  • Exclusion of objects from the report by matching a string against distinguishedName.

Version 2.1.2

2 July, 2015

Fixed issues
  • Every scan required SeSecurityPrivilege (Manage auditing and security log) due to modifications of the SecurityMasks. Now this is done only when you explicitly scan SACLs.

Version 2.1.1

12 June, 2015

Fixed issues
  • If you ran AD ACL Scanner in Windows 10 or Windows Server Technical Preview 2, you would get an error. Problem fixed with an if statement on System.Enum in PowerShell 5.

Version 2.1.0

21 May, 2015

New Features
  • Changed the format of the CSV output file. The new format follows the regular CSV type.
  • Removed the dependency on the Active Directory PowerShell module for reporting on SACLs.
  • Renamed HTML report headers: Rights are called Access, and if SACLs are used they are called Audit.
  • HTML reports contain headers.
  • Summary of criticality for all report types.
  • Support statement included.

Fixed issues
  • Owner permissions are changed to the more accurate: Read permissions, Modify permissions.
  • Error when running PS 2.0: "ProgressBarWindow".
  • Correct name of SPN report file.
  • Criticality coloring of "Info"-level fixed.
  • Added error control for enumerating objects.

Version 2.0.3

29 October, 2014

Fixed issues
  • PS 2.0 "Where-Object : Cannot bind argument to 'FilterScript' because it is null":5369.

Version 2.0.2

28 October, 2014

New Features
  • Scan for SACLs.
  • Option to skip the splash screen through the new parameter "NoSplash".
  • Option to show help text through the new parameter "Help".
  • Translation of object GUID in CSV file.

Fixed issues
  • Requires a connection to the domain before converting CSV to HTML; otherwise object GUID translation will fail.

Version 2.0.1

15 October, 2014

Fixed issues
  • Issues related to connecting to ForestDnsZones and DomainDnsZones.

Version 2.0

October, 2014

New Features
  • New GUI
  • Progress Bar
  • Better browsing experience
  • Better logging function
  • Bug fixes
