Announcement

Collapse
No announcement yet.

Active.Directory: View.OU.Delegation.in.a.domain

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active.Directory: View.OU.Delegation.in.a.domain

    Situation: Suppose I have 1000 OUs in AD. I have 2 co-admins who work with me. I delegate some OUs to them so they can have full control over those OUs.

    Question: If I forgot which OUs that I delegated to my co-admins how can I find out which ones they are ? ( fastest way)

    Thanks!
    Teamwork

  • #2
    Enable the Advanced view in DSA.MSC, then right-click the OU and see the Security tab. You might need to click on the Advanced button to see all permissions.
    Cheers,

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services
    MCSA/E, MCTS, MCITP, MCT

    Comment


    • #3
      1000 OUs and dig all of them with GUI ?

      Remember the BATCH files that used to do wonders a while ago ?

      Code:
      @ECHO OFF
      
      SET ACCOUNT=%1
      IF NOT DEFINED ACCOUNT GOTO USAGE
      
      FOR /F "usebackq delims=XXX tokens=1" %%i IN (`dsquery ou`) DO (
      	dsacls %%i | find /I "%1" > nul
      	IF ERRORLEVEL 1 (
      		echo Account %1 has no explicit entries in DACL
      	) ELSE (
      		echo Account %1 has explicit entries in the DACL of %%i
      	)
      )
      
      GOTO END
      
      :USAGE
      echo.
      echo	USAGE: %0 [account name or security group]
      echo.
      echo	EXAMPLE: %0 Administrator
      
      :END
      will run on W2K3 only or any platform that has:
      - dsquery
      - dsacls
      - find
      Guy Teverovsky
      "Smith & Wesson - the original point and click interface"

      Comment


      • #4
        I ran the batch file...It worked great .

        Thanks again.
        Teamwork

        Comment

        Working...
        X