AD ACL Scanner 4.5.0

By Robin Granberg (Open Source)

AD ACL Scanner is a functional tool that has been written entirely in PowerShell. It is used to create reports of discretionary access control lists (DACLs) and system access control lists (SACLs) in Active Directory. It is particularly useful for rapidly comparing access control lists using the USN from replication metadata.

Getting started with AD ACL Scanner is relatively straightforward. The app launches a graphical interface without having to install it. You simply call the script file and display the rights in the related interface.

Key Features include:

  • View HTML reports of DACLs/SACLs and save them to disk.
  • Report only explicitly assigned DACLs/SACLs.
  • Report on OUs, OUs and Container Objects, or all object types.
  • Report owner of object.
  • Filter DACLs/SACLs for a specific access type. Where does a “Deny” permission exist?
  • Filter DACLs/SACLs for permission on specific object. Where are permissions set on computer objects?
  • Filter DACLs/SACLs for a specific identity. Where does "Domain\Client Admins" have explicit access? Or use wildcards such as "jdoe".
  • Skip default permissions (defaultSecurityDescriptor) in report.
  • Connect and browse your default domain, schema, configuration or a naming context defined by distinguishedName.
  • Export DACLs/SACLs on Active Directory objects in a CSV format.
  • Compare previous results with the current configuration and see the differences by color scheme.
  • Report when permissions were modified.
  • Can use AD replication metadata when comparing.
  • Can convert a previously created CSV file to an HTML report.

To use AD ACL Scanner effectively, you need to allow script execution in PowerShell on the PC where you run it. The Set-ExecutionPolicy Unrestricted command allows you to execute any script you need in PowerShell. A word of caution: override this setting only temporarily, and make sure you restore the default after running the script.
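One way to keep that override temporary is sketched below. This is an added example, not code from AD ACL Scanner or its author: it checks the download against the MD5 value listed on this page, then applies Unrestricted at Process scope only and puts the previous value back afterwards. The function name Invoke-VerifiedAdAclScan and the assumption that the script sits in the current directory are hypothetical.

```powershell
# Added example; Invoke-VerifiedAdAclScan is a hypothetical helper name.
function Invoke-VerifiedAdAclScan {
    [CmdletBinding()]
    param(
        # File name as listed on this page; the location is an assumption.
        [string]$Path = '.\ADACLScan4.5.ps1',
        # MD5 checksum published on this page for version 4.5.0.
        [string]$ExpectedMd5 = '758B157FADDEAAF53E52AED1F928209F'
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Refuse to run a file whose hash differs from the published value.
    # MD5 is used because it is the only checksum the page lists.
    $actual = (Get-FileHash -LiteralPath $file.FullName -Algorithm MD5).Hash
    if ($actual -ne $ExpectedMd5) {
        throw "MD5 mismatch for $($file.Name): expected $ExpectedMd5, got $actual"
    }

    # Remember the process-scope value so it can be put back afterwards.
    $previous = Get-ExecutionPolicy -Scope Process
    try {
        # Process scope affects only this PowerShell session; the
        # CurrentUser and LocalMachine settings are left untouched.
        Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force
        & $file.FullName
    }
    finally {
        # Runs even if the script fails or the hash check above passed
        # but the script threw, so the session never stays Unrestricted.
        Set-ExecutionPolicy -ExecutionPolicy $previous -Scope Process -Force
        # List every scope so the restored state can be confirmed.
        Get-ExecutionPolicy -List | Format-Table -AutoSize
    }
}

Invoke-VerifiedAdAclScan
```

Because the change is made at Process scope, closing the PowerShell window also discards it, and the machine-wide policy is never modified.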

Title: AD ACL Scanner 4.5.0
Filename: ADACLScan4.5.ps1
File size: 508KB (520,056 bytes)
Requirements: Windows (All Versions)
Languages: Multiple languages
License: Open Source
Date added: June 30, 2016
MD5 Checksum: 758B157FADDEAAF53E52AED1F928209F

New Features
Added Exchange Schema Version check for Exchange Server 2016 CU1. (Credit to Kirill Nikolaev, Kaspersky Lab)

Fixed issues
Heavily improved code for “Skip Default Permissions”. Removed possible memory problem while scanning many objects.
Improved code for “Skip Protected Permissions”. One ACE was missing.
Null-valued array error while composing the list of domains. (Credit to Kirill Nikolaev, Kaspersky Lab)
Null-valued array error when closing domain picker window w/o actually selecting one. (Credit to Kirill Nikolaev, Kaspersky Lab)
Updated LDAP filters for getting trusted domains. (Credit to Kirill Nikolaev, Kaspersky Lab)
Fixed issues with use of credentials over trusts.
Fixed issues with TokenGroups over trust lookup.
Removed unused variables.
Replaced aliases like %, ?, Select, foreach and Sort.
Put $null to the left in comparison strings.