How can I determine the source of a permission?
A user, from the root of the domain has write permission to all group objects and their properties. I can see this access in the effective permissions but I can't tell where it comes from.
Access in the ACLS shows accounts and groups with access but I can't figure out where this access is coming from.
Here's what I've tried
dsacls dc=contoso,dc=org|findstr "username"
but it doesn't do anything.
get-acl AD:dc=contoso,dc=org
- How do you find the source of a user's privileges in Active Directory?
- How do you find what the "effective permissions tab used to calculate the access"?