Home » PowerShell » Get Active Directory Users Permissions Report

Get Active Directory Users Permissions Report

by

The Get-AdUser cmdlet in PowerShell is used to get one or more active directory users. Using the Get-Acl cmdlet, it gets an Active Directory users permissions report.

Get-Acl cmdlet in PowerShell gets the object which contains an access control list for files or resources.

You can view the Active Directory user permissions through the Security tab in ADUC (Active Directory Users and Computers).

Active Directory User Permissions
Active Directory User Permissions

In this article, we will discuss how to get active directory users’ permissions reports and export them to the CSV file, check ad user permission in the active directory using ADUC.

Let’s practice!

Table of Contents hide
1 Get Active Directory User Permissions Report
2 Get AdUser Permission Report
3 Conclusion

Get Active Directory User Permissions Report

Use the Get-ACL cmdlet in PowerShell to get a security descriptor that contains the access control list. Using it with the Get-AdUser cmdlet in the ad get an Active Directory user permission report.

Get-ADUser -Filter * | %{(Get-ACL "AD:$($_.distinguishedname)").access} | Export-Csv -Path C:\PowerShell\AdUser_Permissions_Report.csv -NoTypeInformation

In the above PowerShell script, it gets an active directory user permission report, and using the Export-CSV cmdlet in PowerShell, it exports the active directory users permission report to CSV file.

Cool Tip: How to use Get-AdOrganizationalUnit in the Active Directory!

Get AdUser Permission Report

Using the Get-AdUser in PowerShell, it gets one or more active directory users.

To get aduser permission report using PowerShell script, run the following command.

(Get-ACL "AD:$((Get-ADUser -Identity 'Arons').distinguishedname)").access | Select IdentityReference,AccessControlType

In the above PowerShell script, Get-AdUser gets user specified by Identity parameter.

Get-ACL cmdlet gets security descriptor for the aduser retrieved using Get-AdUser and Select its IdentityReference and AccessControlType properties.

The script gets the aduser permission in the active directory report.

Get-AdUser Permission Report
Get-AdUser Permission Report

Cool Tip: How to get active directory OU permissions report!

Conclusion

I hope the above article using Get-Acl to get an active directory user permission report is helpful to you.

Cool Tip: How to get permissions on folders and subfolders using PowerShell!

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.