PowerView

View ACLs associated with an object

Get-DomainObjectAcl -SamAccountName student1 -ResolveGUIDs

Get-DomainObjectAcl -Identity "Domain Admins" -ResolveGUIDs

View ACLs associated with the specified prefix to be used for search

Get-DomainObjectAcl -SearchBase "LDAP://CN=RDP Users
,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local" -ResolveGUIDs -Verbose

The way to read the output would be

Search for Write, Modify and GenericAll ACEs

Find-InterestingDomainAcl -ResolveGUIDs

Find-InterestingDomainAcl -ResolveGUIDs | ?{$_.IdentityReferenceName -match "student2"}

Find-InterestingDomainAcl -ResolveGUIDs | ?{$_.IdentityReferenceName -match "RDPUsers"}

Specified Path

Get-PathAcl -Path "\\dcorp-dc.dollarcorp.moneycorp.local\sysvol"

Last updated 1 year ago