Specifies the name of the domain
controller on which to perform the query. The name may be
either the DNS name or the
NetBIOS name of
the domain controller.
Object
Specifies the name of the object on which you want to determine
the access control list
(ACL) entries. The name can be either the logon name (for
example, MICROSOFT\someone), the fully distinguished
name (for example, cn=Someone, ou=Sales,dc=microsoft,dc=com), or the user principal name
(for example, someone@microsoft.com).
/dumpsd
Displays only the security descriptor for the selected
object.
/dumpall
Displays the security descriptor for the selected object along
with all security descriptors inherited from parent containers.
This allows administrators to determine the inheritance of security
descriptors from parent objects through the object hierarchy.
/debug
Displays internal debugging information for the Security
Descriptor Check Utility.
/domain:DomainName
Specifies the domain name of UserName in either DNS or
NetBIOS format. Used to specify credentials other other than the
current user's.
/user:UserName
Specifies the name of a user other than the current one, in the
form of either the logon name or user principal name. If a user
principal name is specified, then a domain name is not
required.
/password:Password
Specifies the name of UserName. Used to specify
credentials other other than the current user's.
/?
Displays Security Descriptor Check Utility syntax at the
command line.
sdcheck Server Object