Announcement

Collapse
No announcement yet.

How to retrieve what servers can be accessed by what users on AD

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to retrieve what servers can be accessed by what users on AD

    Hi all,

    I have been trying to export user's access rights from the AD for weeks but have little luck getting exactly what I want.

    What I would like to do is find out what access user's have on the AD. More specifically, what users have access to what servers. Where will this information be stored?

    I have tried the following:

    1) export group policy container using csvde
    - find out what rules are created but cannot directly link back to the user and which server it is coming from.

    2) installed ADAM, try to export relevant information

    3) installed plugin GPMC (Group Policy Management console)
    - try to get a list of policies tied in to a specific OU or domain or site

    4) Retrieve user group and its ACL using tools like "DumpSec" or "Hyena"
    - haven't tried this yet, will test the tools out and see if it gives me what I want.

    I can't seem to be able to retrieve this easily and it feels like there is no direct way to get such information. Can anyone help or give me some advice on how to go about retrieving this information?

    Any suggestions, links, ideas would be greatly appreciated. Thanks in advance.


  • #2
    Re: How to retrieve what servers can be accessed by what users on AD

    AD contains the user credentials and group belonging, not access rights to specific servers

    here's a good script:
    http://www.derkeiler.com/Newsgroups/...5-03/0009.html

    or this tool from MS: http://support.microsoft.com/kb/825751


    these have to be executed on the servers, since the permissions are there, on the NTFS shares.
    Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

    BA (BM), RHCE, MCSE, DCSE, Linux+, Network+

    Comment

    Working...
    X