AclDiag Examples |
|
| Open Command Prompt | |
To display the ACL of a user object in Active Directory, type
acldiag
"LDAP://domain1.test.microsoft.com/CN=Test
Admin,CN=Users,DC=domain1,DC=test,DC=microsoft,DC=com"
To display a schema analysis of a computer object in Active Directory, type
acldiag
"LDAP://domain1.test.microsoft.com/CN=MACHINE-TEST,CN=Computers,DC=domain1,DC=test,DC=microsoft,DC=com"
/schema
To display the ACL, the effective permissions for all users, and the delegation analysis of a computer object in tab-delimited format, type:
acldiag
"LDAP://domain1.test.microsoft.com/CN=MACHINE-TEST,CN=Computers,DC=domain1,DC=test,DC=microsoft,DC=com"
/chkdeleg /geteffective:* /tdo
To reapply a delegation template to a group object, type
acldiag
"LDAP://domain1.test.microsoft.com/"CN=Domain
Computers,CN=Users,DC=domain1,DC=test,DC=microsoft,DC=com"
/chkdeleg /fixdeleg