RE: [ActiveDir] View Delegated Tasks?

[Grillenmeier, Guido]

nope, they don't.   But you'd be doing something wrong, if you'd use any of the default groups to assign delegated permissions.  As such, you should ensure using a useful naming-convention for groups used for AD delegation to allow you to analyse the ACLs so that you understand what's delegated and what's default.    With a bit (or a lot) of extra scripting you could even "substract" the default permissions from the existing rights on an object, so that you're left with the non-default rights => the default permissions for any AD object (e.g. organizationalUnit, user, group etc.) are stored in the defaultSecurity attribute of the respective schemaClass object in the AD schema.   Some good examples of scripts that handle AD ACLs (and ACLs on File System or Exchange mailboxes etc.) can be found in the Script-Kits on Alain Lissoir's site (handling ACLs is part of Volume 2) http://users.skynet.be/alain.lissoir/wmibooks/Volume_1_ScriptKits.zip http://users.skynet.be/alain.lissoir/wmibooks/Volume_2_ScriptKits.zip   /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan Sent: Freitag, 17. März 2006 22:31 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] View Delegated Tasks? Does the report or dsacls distinguish between delegated and default permissions?   Bryan Lucas Server Administrator Texas Christian University (817) 257-6971 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Friday, March 17, 2006 1:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] View Delegated Tasks?   you can also use DSREVOKE in report mode to see where a certain security principal has been assigned delegated permissions in the domain partition   Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services   LogicaCMG Nederland B.V. (BU RTINC Eindhoven) (         Tel     : +31-(0)40-29.57.777 (    Mobile     : +31-(0)6-26.26.62.80 *   E-mail      : <see sender address>   From: [EMAIL PROTECTED] on behalf of Brian Desmond Sent: Fri 2006-03-17 19:58 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] View Delegated Tasks? You can use the dsacls command line tool if you want it in text view, or, in ADUC, View>Advanced Features, and then right click the OU, Properties, Security Tab. You can also get the ACL Editor view in ADSIEdit natively.   Thanks, Brian Desmond [EMAIL PROTECTED]   c - 312.731.3132     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Friday, March 17, 2006 1:52 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] View Delegated Tasks?   When I delegate permissions to a group in ADUC to a specific OU (using the Delegate Wizard), how can I go back and see who was delegated and the permissions?   Devon Harding Windows Systems Engineer Southern Wine & Spirits - BSG 954-602-2469   __________________________________ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You.