ActiveDirSec.Org

The world's most trusted forum on Active Directory Security


Post Info TOPIC: How to identify access granted to a service account in Active Directory?


Newbie

Posts: 2
Date: May 19, 2013
How to identify access granted to a service account in Active Directory?
Permalink  
 


Hello Forum,

I need some help trying to figure out an easy (efficient) way to identify access granted to a service account in Active Directory.

We have a situation wherein quite a few service accounts were made members of certain security groups a few months ago, and it so happened that some of those security groups have administrative access granted in various parts of our Active Directory.

We have been tasked with identifying where all about half a dozen of these service accounts might have any sort of access granted in our Active Directory, based on the membership of these accounts in these security groups.

I've tried using dsacls but it doesn't seem to be easy. I've even tried PowerShell but that too has not led me anywhere. The group membership part seems to make it a little difficult.

Does anyone know of anyway to do this quickly and easily? I don't have a lot of time to do this, given that we're in the middle of a migration and there's already a lot on my plate.

Thanks for any help you can provide.

Ryan.



__________________

"An imbalance between rich and poor is the oldest and most fatal ailment of all republics." - Plutarch

Page 1 of 1  sorted by
Quick Reply

Please log in to post quick replies.

Post to Digg Post to Del.icio.us
Members Login
Username 
 
Password 
    Remember Me