Home/ Questions/Q 8018515
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T21:08:49+00:00

I need to compare AD users permissions (one user can unset an attribute and

  • 0

I need to compare AD users permissions (one user can “unset” an attribute and another cannot, both can change it).

How can I dump/compare user account “effective permissions” which I find when I go to user account > Security > Advanced > Effective Permissions (and select an user account) with powershell?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Using Quest Free PowerShell Commands for Active Directory is simple:

    Get-QadPermission useraccountname -Inherited

    or better way:

    Get-QADUser -Name useraccountname -SecurityMask DACL | Get-QADPermission -Inherited -SchemaDefault

    This return all effective permission Inherited or Explicit assigned for the user ‘useraccountname’

    The comparison can be made with compare-object.
    A very simple example:

    compare-object (Get-QADPermission userA -Inherited | select Rights) (Get-QADPermission userB -Inherited | select rights)
    • 0