You will find below two methods to dump the user object DACL permissions in an Active Directory domain.
Script (with the Microsoft Active Directory module loaded: Import-Module ActiveDirectory):

# Load the AD provider and prompt for the password of the account used to bind
Import-Module ActiveDirectory
$pw = Read-Host "Enter password" -AsSecureString
$cred = New-Object System.Management.Automation.PSCredential("email@example.com", $pw)

# Map a temporary PSDrive onto the directory, rooted at RootDSE, through one DC
New-PSDrive -Name adroot -PSProvider "ActiveDirectory" -Root "//RootDSE/" -Server "dc01.domain.local" -Credential $cred

# Read the security descriptor of the user object and list its DACL entries
# (the whole path is quoted so PowerShell treats it as a single drive-qualified path)
(Get-Acl "adroot:\CN=username,CN=Users,DC=domain,DC=local").Access |
    Format-Table IdentityReference, AccessControlType, ActiveDirectoryRights -AutoSize
Script (with the Quest Active Directory module):

# Prompt for the password (SecureString, as -ConnectionPassword expects)
$pw = Read-Host "Enter password" -AsSecureString
# Bind to one DC with explicit credentials
Connect-QADService -Service 'dc01.domain.com' -ConnectionAccount 'domain\administrator' -ConnectionPassword $pw
# List the permissions on the user object, including inherited and schema-default entries
Get-QADPermission 'domain\username' -Inherited -SchemaDefault
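Added example, not part of the original post: the same dump with the Microsoft module, but with the ObjectType GUID of each ACE resolved to the attribute, class or extended right it covers, so a reviewer can read what an entry actually grants instead of a bare GUID. It assumes the ActiveDirectory module's default AD: drive and the current user's credentials; the distinguished name is a placeholder.

```powershell
# Added example (not from the original post). Assumes Import-Module ActiveDirectory
# has created the AD: drive; the DN below is a placeholder to replace.
Import-Module ActiveDirectory

function Get-ADObjectDaclReport {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [switch]$IncludeInherited   # by default only explicit (non-inherited) ACEs are listed
    )
    $rootDse = Get-ADRootDSE

    # Build a GUID -> name map from the schema (attributes and classes) and from the
    # Extended-Rights container (control access rights, property sets, validated writes).
    $guidMap = @{}
    Get-ADObject -SearchBase $rootDse.schemaNamingContext -LDAPFilter '(schemaIDGUID=*)' `
        -Properties name, schemaIDGUID |
        ForEach-Object { $guidMap[[guid]$_.schemaIDGUID] = $_.name }
    Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
        -LDAPFilter '(objectClass=controlAccessRight)' -Properties name, rightsGUID |
        ForEach-Object { $guidMap[[guid]$_.rightsGUID] = $_.name }

    $acl = Get-Acl -Path "AD:\$DistinguishedName"
    foreach ($ace in $acl.Access) {
        if (-not $IncludeInherited -and $ace.IsInherited) { continue }

        # An empty ObjectType means the ACE applies to the whole object, not one attribute/right
        if ($ace.ObjectType -eq [guid]::Empty) { $appliesTo = '(entire object)' }
        elseif ($guidMap.ContainsKey($ace.ObjectType)) { $appliesTo = $guidMap[$ace.ObjectType] }
        else { $appliesTo = $ace.ObjectType.ToString() }

        [pscustomobject]@{
            Identity  = $ace.IdentityReference.Value
            Type      = $ace.AccessControlType
            Rights    = $ace.ActiveDirectoryRights
            AppliesTo = $appliesTo
            Inherited = $ace.IsInherited
        }
    }
}

# Usage: explicit ACEs on one user, grouped so Deny entries and broad rights stand out
Get-ADObjectDaclReport -DistinguishedName 'CN=username,CN=Users,DC=domain,DC=local' |
    Sort-Object Type, Identity | Format-Table -AutoSize
```

Run it with -IncludeInherited to see the entries that come down from the container or from the schema defaults, which is where most of the noise in a raw dump comes from.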
Get-Acl syntax (parameter types restored where the page extraction dropped the angle-bracketed tokens):

Parameter Set: ByPath
Get-Acl [[-Path] <String[]>] [-AllCentralAccessPolicies] [-Audit] [-Exclude <String[]>] [-Filter <String>] [-Include <String[]>] [-UseTransaction] [<CommonParameters>]

Parameter Set: ByInputObject
Get-Acl -InputObject <PSObject> [-AllCentralAccessPolicies] [-Audit] [-Exclude <String[]>] [-Filter <String>] [-Include <String[]>] [-UseTransaction] [<CommonParameters>]

Parameter Set: ByLiteralPath
Get-Acl [-AllCentralAccessPolicies] [-Audit] [-Exclude <String[]>] [-Filter <String>] [-Include <String[]>] [-LiteralPath <String[]>] [-UseTransaction] [<CommonParameters>]
The Get-Acl cmdlet gets objects that represent the security descriptor of a file or resource. The security descriptor contains the access control lists (ACLs) of the resource. The ACL specifies the permissions that users and user groups have to access the resource.
Beginning in Windows PowerShell 3.0, you can use the InputObject parameter of Get-Acl to get the security descriptor of objects that do not have a path.
New-PSDrive syntax (parameter types restored where the page extraction dropped the angle-bracketed tokens):

Parameter Set: Default
New-PSDrive [-Name] <String> [-PSProvider] <String> [-Root] <String> [-Credential <PSCredential>] [-Description <String>] [-Persist] [-Scope <String>] [-Confirm] [-WhatIf] [-UseTransaction] [<CommonParameters>]
The New-PSDrive cmdlet creates temporary and persistent drives that are “mapped” to or associated with a location in a data store, such as a network drive, a directory on the local computer, or a registry key, and persistent Windows mapped network drives that are associated with a file system location on a remote computer.
Temporary drives exist only in the current Windows PowerShell session and in sessions that you create in the current session. They can have any name that is valid in Windows PowerShell and can be mapped to any local or remote resource. You can use temporary Windows PowerShell drives to access data in the associated data store, just like you would do with any mapped network drive. You can change locations into the drive (using “set-location”, “cd”, or “chdir”) and access the contents of the drive (using “get-item”, “get-childitem”, or “dir”).
However, because temporary drives are known only to Windows PowerShell, you cannot access them by using File Explorer, Windows Management Instrumentation (WMI), Component Object Model (COM), or the Microsoft .NET Framework, or by using tools such as Net Use.
The following features were added to New-PSDrive in Windows PowerShell 3.0.
— Mapped network drives: You can use the Persist parameter of New-PSDrive to create Windows mapped network drives. Unlike temporary Windows PowerShell drives, Windows mapped network drives are not session-specific; they are saved in Windows and they can be managed by using standard Windows tools, such as File Explorer and Net Use. Mapped network drives must have a drive-letter name and be connected to a remote file system location.
— External drives: When an external drive is connected to the computer, Windows PowerShell automatically adds a PSDrive to the file system that represents the new drive. You do not need to restart Windows PowerShell. Similarly, when an external drive is disconnected from the computer, Windows PowerShell automatically deletes the PSDrive that represents the removed drive.
— Credentials for UNC Paths: When the value of the Root parameter is a UNC path, such as \\Server\Share, the credential specified in the value of the Credential parameter is used to create the PSDrive. Otherwise, the Credential parameter is not effective when creating new file system drives.