Display rights to folders for a particular Active Directory Security Group

active-directory groups permissions

I'm after a way of displaying the particular folders a security group may have access to.

I know I can check individual folders, and compile a list manually, but we have too many for this approach to be practical. There doesn't seem to be an obvious (to me anyway) way of extracting this info from the AD Users and Computers MMC. Perhaps I'm looking in the wrong place?

I've been asked to audit the current access permissions for groups within our AD, so that is the end goal. Some kind of report.

I'm coming to grips with AD after migrating from eDirectory, and any ideas would be appreciated.

Thanks.

Best Answer

It can't be done the way you want. It just doesn't work that way. The ACLs (Access control lists) are stored on each file and folder. AD doesn't have a clue what folders and files (and servers) the group has been assigned to.

What you can do, however, is use the AccessEnum tool from Microsoft's Sysinternals. You can run this on a file server, and it will tell you who/what has access to each folder. You can then export this to a CSV for analysis in Excel.

AccessEnum Screenshot
(source: microsoft.com)
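
Because the ACLs live on the folders rather than in AD, a per-group report has to be built by walking the file server. The script below is an added example, not part of the original answer, and it uses the built-in `Get-Acl` cmdlet rather than AccessEnum; the share root, group name and output file are placeholders.

```powershell
# Added example, not from the original answer. $Root, $Group and $OutFile
# are placeholders; run it with an account that can read the folder ACLs.
param(
    [string]$Root    = 'D:\Shares',            # hypothetical share root
    [string]$Group   = 'EXAMPLE\Finance-RW',   # hypothetical DOMAIN\group
    [string]$OutFile = '.\group-folder-access.csv'
)

# Resolve the group name to its SID once; ACEs are then compared by SID,
# which is independent of how the name is displayed.
$account = New-Object System.Security.Principal.NTAccount($Group)
$sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value

# The root itself plus every subfolder. Folders that cannot be listed are
# collected in $walkErrors rather than stopping the run.
$folders = @(Get-Item -LiteralPath $Root) + @(
    Get-ChildItem -LiteralPath $Root -Directory -Recurse `
        -ErrorAction SilentlyContinue -ErrorVariable walkErrors)

$report = foreach ($folder in $folders) {
    try {
        $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
    } catch {
        # Keep unreadable folders in the report so gaps are visible.
        [pscustomobject]@{ Path = $folder.FullName; Type = 'UNREADABLE'
                           Rights = $_.Exception.Message; Inherited = $null }
        continue
    }
    # Explicit and inherited ACEs, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        # Only ACEs naming the group itself match; access gained through
        # membership in another group is not expanded here.
        if ($rule.IdentityReference.Value -eq $sid) {
            [pscustomobject]@{ Path = $folder.FullName
                               Type = $rule.AccessControlType   # Allow / Deny
                               Rights = $rule.FileSystemRights
                               Inherited = $rule.IsInherited }
        }
    }
}

$report | Export-Csv -Path $OutFile -NoTypeInformation
foreach ($e in $walkErrors) { Write-Warning "Not enumerated: $($e.TargetObject)" }
```

Filtering the CSV on `Inherited = False` shows where the group was granted access directly rather than through a parent folder, which is usually the shorter list to review in an audit.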