nope, they don't.
But you'd be doing something wrong, if you'd use any of the
default groups to assign delegated permissions. As such, you should ensure
using a useful naming-convention for groups used for AD delegation to allow you
to analyse the ACLs so that you understand what's delegated and what's
default.
With a bit (or a lot) of extra scripting you could even
"substract" the default permissions from the existing rights on an object, so
that you're left with the non-default rights => the default permissions for
any AD object (e.g. organizationalUnit, user, group etc.) are stored in the
defaultSecurity attribute of the respective schemaClass object in the AD
schema.
Some good examples of scripts that handle AD ACLs (and ACLs
on File System or Exchange mailboxes etc.) can be found in the Script-Kits on
Alain Lissoir's site (handling ACLs is part of Volume 2)
/Guido
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan Sent: Freitag, 17. März 2006 22:31 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] View Delegated Tasks? Does the report or
dsacls distinguish between delegated and default
permissions? Bryan
Lucas Server
Administrator (817)
257-6971 From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Almeida Pinto, Jorge
de you can also use
DSREVOKE in report mode to see where a certain security principal has been
assigned delegated permissions in the domain
partition Met vriendelijke
groeten / Kind regards, Ing. Jorge de
Almeida Pinto Senior
Infrastructure Consultant MVP Windows
Server - Directory Services LogicaCMG
Nederland B.V. (BU RTINC (
Tel
: +31-(0)40-29.57.777 (
*
E-mail
: <see sender address> From:
[EMAIL PROTECTED] on behalf of Brian Desmond You
can use the dsacls command line tool if you want it in text view, or, in ADUC,
View>Advanced Features, and then right click the OU, Properties, Security
Tab. You can also get the ACL Editor view in ADSIEdit
natively. From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Harding,
Devon When I delegate permissions to a
group in ADUC to a specific OU (using the Delegate Wizard), how can I go back
and see who was delegated and the permissions? Windows Systems
Engineer Southern Wine & Spirits
- BSG 954-602-2469
|
- RE: [ActiveDir] View Delegated Tasks? Grillenmeier, Guido
- RE: [ActiveDir] View Delegated Tasks? Lucas, Bryan
- RE: [ActiveDir] View Delegated Tasks? Douglas M. Long
- RE: [ActiveDir] View Delegated Tasks? Ulf B. Simon-Weidner