Website / Download / TechNet Blog Post

A tool with GUI used to create reports of access control lists in Active Directory.

Features
  • View HTML reports of ACLs and save it to disk.
  • Export ACLs on Active Directory objects in a CSV format.
  • Connect and browse you default domain, schema , configuration or a naming context defined by distinguishedname.
  • Browse naming context by clicking your way around, either by OU’s or all types of objects.
  • Report only explicitly assigned ACLs.
  • Report on OUs, OUs and Container Objects or all object types.
  • Filter ACLs for a specific access type. Where does “Deny” permission exists?
  • Filter ACLs for a specific identity. Where does "Domain\Client Admins" have explicit access? Or use wildcards like "*jdoe*".
  • Filter ACLs for permission on specific object. Where are permissions set on computer objects?
  • Skip default permissions (defaultSecurityDescriptor) in report. Makes it easier to find custom permissions.
  • Report owner of object.
  • Compare previous results with the current configuration and see the differences by color scheme (Green=matching permissions, Yellow= new permissions, Red= missing permissions).
  • Report when permissions were modified
  • Can use AD replication metadata when comparing.
  • Can convert a previously created CSV file to a HTML report.
  • Effective rights, select a security principal and match it against the permissions in AD.
  • Colour coded permissions based on criticality when using effective rights scan.
  • List your domains and select one from the list.
  • Get the size of the security descriptor (bytes).
  • Reporting on disabled inheritance.
  • Get all inherited permissions in report.