This command-line tool detects and reports discrepancies in the
Access Control Lists (ACLs) of objects in Active Directory. It can
also reapply a security delegation template to an ACL, eliminating
special permissions and restoring incomplete delegations.
With AclDiag, you can:
Display the Access Control Entries (ACEs) in the ACL, and
inheritance and audit settings.
Display the effective permissions of users and groups to an
Active Directory object.
Compare the ACL for an object in Active Directory to the
default permissions defined in the schema.
Compare the ACL of an Active Directory object to a delegation
template.
Reapply the delegation template to the ACL of an Active
Directory object.
System Requirements
AclDiag runs on Windows 2000 and on Windows XP
Professional.
The user must have permission to read permissions on Active
Directory objects. To reapply a delegation template, the user must
have permission to modify permissions to the Active Directory
object.
File Required
Acldiag.exe
For more information
For more information about Active Directory, see the Active
Directory Overview(http://go.microsoft.com/fwlink/?LinkId=1646).
