This command-line tool displays the security descriptor for any
object stored in Active Directory. The security
descriptor contains the access control lists
(ACLs) defining the permissions that users have on objects
stored in Active Directory.
Notes
You must run SDCheck from the command window.
To enable administrators to determine the effective access
controls on an object, SDCheck also displays the object hierarchy
and any ACLs that are inherited by the object from its parent.
As changes are made to the ACLs of an object or its parent,
these changes are propagated automatically by Active Directory.
SDCheck displays the security descriptor propagation metadata, so
that administrators can monitor these changes with respect to
propagation of inherited ACLs, as well as replication of ACLs from
other domain
controllers.
As a complement to the replication monitoring tools
(Repadmin.exe and Replmon.exe), SDCheck can be used to ensure that
domain controllers are up-to-date with one another.
A security descriptor contains the security information
associated with a securable object. Every container and object on
the network or in Active Directory has a set of access control
information attached to it, known as a security descriptor.
Windows XP Professional automatically creates the security
descriptor when an object is created.
The following are the system requirements for SDCheck:
Windows XP Professional
File Required
Sdcheck.exe
500 Internal Server Error
Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete
your request.
Please contact the server administrator at
webmaster@systemmanager.forsenergy.ru to inform them of the time this error occurred,
and the actions you performed just before this error.
More information about this error may be available
in the server error log.
Additionally, a 500 Internal Server Error
error was encountered while trying to use an ErrorDocument to handle the request.