Export security on objects in AD
  • Export security on objects in AD

    Hello!

    My helpdesk has a problem resetting some users' passwords. Looking at one of the users I can see that the "account operators" group is missing the "security" pane.

    Is it possible to do an export in an OU and get to know all about the security information on the objects herein?

  • #2
    Re: Export security on objects in AD

    I thought I saw this posted elsewhere. Did you post it somewhere else and get this resolved?
    Kevin Stanush
    SystemTools Software Inc.


    • #3
      Re: Export security on objects in AD

      Hmm no I don't think so but I would be very happy if there was a way to do this.


      • #4
        Re: Export security on objects in AD

        Let me know what the problem is resetting user passwords and how they are going about it (the steps involved). You can get a listing of permissions for any object in Hyena by right clicking on the object (or multiple objects in the right window) and selecting "List Directory Security". For users, this option is on the "Account Functions" menu. There is an AD security right for reset passwords. Note that you can also see this right on OUs as well, if it was set to propagate to child objects (users, etc.)
        Kevin Stanush
        SystemTools Software Inc.


        • #5
          Re: Export security on objects in AD

          The problem is that my helpdesk used to be "domain admins" but now they're only account operators. On some of the user objects in the AD "account operators" are not on the "security" tab. But also the objects don't inherit security from above settings.

          So this means my helpdesk can't unlock some user accounts as they get access denied. So I would like to search for all those objects where "account operators" are not listed on the security tab.

          Right now a domain admin will manually add the account operators to the user object when we have this "problem".

          I didn't know about the "list directory security". Is it possible to do an export on all objects not having "account operators" on the security list?


          • #6
            Re: Export security on objects in AD

            There isn't any way to export this list using our export tool (Exporter Pro), but you can get the security listing for any number of objects and then export this to a file (Edit->Select All, Edit->Copy). But the resulting list will show what settings are present, not which ones are absent. For that, you would have to run an MSAccess query against a full list of accounts vs the access and show which ones have the missing security setting.
            Kevin Stanush
            SystemTools Software Inc.
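
The comparison described in the last reply (every account in the OU against the accounts that carry the entry) can also be done directly against the directory with the ActiveDirectory PowerShell module instead of Hyena and an MS Access query. This is an added example, not part of the thread and not SystemTools code; the OU distinguished name and the output file name are placeholders, and it assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Added example: list users under one OU whose ACL has no allow entry for
# Account Operators. Read-only; needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumptions: placeholder OU and output file, replace with your own values.
$SearchBase = 'OU=Staff,DC=example,DC=com'
$OutFile    = '.\users-without-account-operators.csv'

# Well-known SID of BUILTIN\Account Operators, so the match does not depend
# on the display language of the domain controller.
$aoSid   = 'S-1-5-32-548'
$sidType = [System.Security.Principal.SecurityIdentifier]

$report = foreach ($user in Get-ADUser -Filter * -SearchBase $SearchBase) {
    try {
        $acl = Get-Acl -Path "AD:\$($user.DistinguishedName)" -ErrorAction Stop
    } catch {
        # Report objects whose ACL cannot be read instead of skipping them.
        [pscustomobject]@{
            SamAccountName      = $user.SamAccountName
            DistinguishedName   = $user.DistinguishedName
            InheritanceDisabled = $null
            Note                = "ACL not readable: $($_.Exception.Message)"
        }
        continue
    }
    # Explicit and inherited entries, with trustees returned as SIDs.
    $aoAllow = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq $aoSid -and $_.AccessControlType -eq 'Allow'
    })
    if ($aoAllow.Count -eq 0) {
        [pscustomobject]@{
            SamAccountName      = $user.SamAccountName
            DistinguishedName   = $user.DistinguishedName
            # True when the object does not inherit permissions from its parent.
            InheritanceDisabled = $acl.AreAccessRulesProtected
            Note                = 'No allow entry for Account Operators'
        }
    }
}

$report | Sort-Object DistinguishedName | Export-Csv -Path $OutFile -NoTypeInformation
"{0} object(s) written to {1}" -f @($report).Count, $OutFile
```

Rows with `InheritanceDisabled` set to `True` are the objects that match the situation described in post #5: no Account Operators entry and no permissions inherited from above.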