How to find out where a domain security group has permissions in our Active Directory?
Hi all. One last question I had for now for this forum. As mentioned, we are in the midst of consolidating two forests into one Active Directory forest, and as a part of this we are also trying to audit our Active Directory, and this includes an audit of all the security permissions in our Active Directory domains.
As a part of our audit, we need a way to find out where all our admin groups, particularly Domain Admins, Enterprise Admins and two of our delegated account management groups have permissions in our Active Directory.
We have tried scripting, PowerShell, etc., but the results are not exactly what we are looking for. For example, we wish to know where all these groups have specific permissions, such as where all our delegated IT account management team has Reset Password permissions.
I am sure others on this forum must have come across such a requirement as well, and I would appreciate any tips or advice you can provide on how to best do this.
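
One way to approach the Reset Password case raised in this post, as an added example that is not part of the original post: a PowerShell audit that walks the domain's OUs and containers and lists every ACE naming a given group that covers the Reset Password extended right. It reports ACEs granted directly to that group only, so access held through nested group membership or cancelled out by deny ACEs is not resolved. The group name `EXAMPLE-AccountMgmt` and the CSV file name are placeholders, and the ActiveDirectory (RSAT) module is assumed to be installed.

```powershell
# Added example: where does one group hold Reset Password in this domain?
Import-Module ActiveDirectory            # also provides the AD: drive used by Get-Acl
Add-Type -AssemblyName System.DirectoryServices

# Placeholder (assumption): replace with the group being audited.
$GroupName = 'EXAMPLE-AccountMgmt'

# rightsGuid of the "Reset Password" control access right (User-Force-Change-Password).
$ResetPassword = [guid]'00299570-246d-11d0-a768-00aa006e0529'
$AllRights     = [guid]::Empty           # ACE with no ObjectType = all extended rights
$ExtendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

$groupSid = (Get-ADGroup -Identity $GroupName).SID
$domainDN = (Get-ADDomain).DistinguishedName

# Delegation is normally set on the domain root, OUs and containers.
# Widen the filter (for example to user objects) to catch per-object ACEs as well.
$filter  = '(|(objectClass=domainDNS)(objectClass=organizationalUnit)(objectClass=container))'
$targets = Get-ADObject -SearchBase $domainDN -LDAPFilter $filter

$results = foreach ($obj in $targets) {
    $acl = Get-Acl -Path ("AD:\" + $obj.DistinguishedName)

    # Explicit and inherited ACEs, with trustees returned as SIDs so the
    # comparison does not depend on name resolution.
    $aces = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($ace in $aces) {
        if ($ace.IdentityReference -ne $groupSid) { continue }
        # GenericAll includes the ExtendedRight bit, so Full Control is caught too.
        if (-not $ace.ActiveDirectoryRights.HasFlag($ExtendedRight)) { continue }
        if ($ace.ObjectType -ne $ResetPassword -and $ace.ObjectType -ne $AllRights) { continue }

        [pscustomobject]@{
            Object              = $obj.DistinguishedName
            Type                = $ace.AccessControlType     # Allow or Deny
            Rights              = $ace.ActiveDirectoryRights
            Inherited           = $ace.IsInherited
            AppliesToClassGuid  = $ace.InheritedObjectType   # empty GUID = all object classes
        }
    }
}

$results | Sort-Object Object | Format-Table -AutoSize
$results | Export-Csv -Path .\reset-password-aces.csv -NoTypeInformation
```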