In a previous blog post (Link), I showed a way to create a report on OU (Organizational Unit) permissions. One of the replies I got about that was: How about the Container permissions, those are important too 🙂 And that's correct, they are! In this blog post, I will show you how to create a report on those (Script is based on the OU report)
For one of our customers, we are working on restricting permissions of admin accounts by implementing Role Based Access and delegating permissions to Organizational Units (OU's). But one of the first questions was… What are the current permissions and what should we remove and where? In this blog post I will show you a way to report on the current permissions so that you can remove them where they shouldn't be granted 🙂
In a previous blog post (here) I wrote about how to get a list of changes in Active Directory administrative groups, I got a question about that on Facebook... The question was: Nice to get a list of changed groups and what the change was, but what account made that change? This blog post shows you a way to get all the security events from the Domain Controller security logs 🙂
Currently, I'm working for a customer on a new security model for their Active Directory, one of the things that we discussed was how to report on changes in certain administrative groups. I did this in the past using the Active Directory command-line tools (dsquery, dsget, etc.) but in this blog post, I will show you how to do this using PowerShell.