Hello all,

Please excuse my English. I am wanting to know how to find out who all is delegated what tasks in our corporate OU? We have a small OU structure with a total of about 11 OUs, and amongst our OUs we have about 700 domain user accounts, 900 domain computer accounts and approximately 200 security groups.

We are in the process of doing a review of our security, and management has asked for a report that documents who all has what privileges in our corporate Active Directory, especially for important areas like account and group management.

We started looking at the ACLs but there are so many, and besides just looking at these permissions does not appear to be painting correct picture. I mean, we have some deny permissions, used some nested groups for delegating access, and now to try and find out who is having what effective permissions is becoming very difficult.

If you have some experience in the area, or any ideas on how to review this, I will be thankful for your help.

Thank you.
Manuel