| Object | ACE# | Trustee | AccessMask (hex) | Permissions (AccessMask Interpreted) | AceFlags (hex) | AF / Inherit | AF / Inherit, No Propagate | AF / Inherit Only | AF / Inherited | AceType (hex) | AceType Interpreted | Flags | Flags / OT Present | Flags / IOT Present | ObjectType | OT Interpr | Inherited ObjectType | IOT Interpr |
| DC=sanao,DC=com | ACE 1 | BUILTIN\Administrators | F01BD | Full Control except Delete Child(s) and Delete Subtree | 2 | Yes | | | | 0 | Allow | 0 | | | | | | |
| DC=sanao,DC=com | ACE 2 | NT AUTHORITY\Authenticated Users | 20094 | Read (incl. List Obj.) | 0 | | | | | 0 | Allow | 0 | | | | | | |
| DC=sanao,DC=com | ACE 3 | SANAO\Domain Admins | E01BD | Create Child(s), List Contents, Validated Write(s), Read Prop(s), Write Prop(s), List Object, Extended Right(s), Read Permissions, Modify Permissions, Modify Owner | 0 | | | | | 0 | Allow | 0 | | | | | | |
| DC=sanao,DC=com | ACE 4 | SANAO\Enterprise Admins | F01FF | Full Control | 2 | Yes | | | | 0 | Allow | 0 | | | | | | |
| DC=sanao,DC=com | ACE 5 | NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | 20094 | Read (incl. List Obj.) | 0 | | | | | 0 | Allow | 0 | | | | | | |
| DC=sanao,DC=com | ACE 6 | Everyone | 10 | Read Prop(s) | 0 | | | | | 0 | Allow | 0 | | | | | | |
| DC=sanao,DC=com | ACE 7 | SANAO\Exchange Enterprise Servers | 4 | List Contents | 2 | Yes | | | | 0 | Allow | 0 | | | | | | |
| DC=sanao,DC=com | ACE 8 | SANAO\Exchange Enterprise Servers | 20000 | Read Permissions | 0 | | | | | 0 | Allow | 0 | | | | | | |
| DC=sanao,DC=com | ACE 9 | BUILTIN\Pre-Windows 2000 Compatible Access | 4 | List Contents | 2 | Yes | | | | 0 | Allow | 0 | | | | | | |
| DC=sanao,DC=com | ACE 10 | BUILTIN\Pre-Windows 2000 Compatible Access | 20010 | Read Prop(s), Read Permissions | 0 | | | | | 0 | Allow | 0 | | | | | | |
| DC=sanao,DC=com | ACE 11 | NT AUTHORITY\SYSTEM | F01FF | Full Control | 0 | | | | | 0 | Allow | 0 | | | | | | |
| DC=sanao,DC=com | ACE 12 | BUILTIN\Administrators | 100 | Extended Right(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {1131F6AA-9C07-11D1-F79F-00C04FC2DCD2} | Replicating Directory Changes | | |
| DC=sanao,DC=com | ACE 13 | BUILTIN\Administrators | 100 | Extended Right(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {1131F6AB-9C07-11D1-F79F-00C04FC2DCD2} | Replication Synchronization | | |
| DC=sanao,DC=com | ACE 14 | BUILTIN\Administrators | 100 | Extended Right(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {1131F6AC-9C07-11D1-F79F-00C04FC2DCD2} | Manage Replication Topology | | |
| DC=sanao,DC=com | ACE 15 | BUILTIN\Administrators | 100 | Extended Right(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {1131F6AD-9C07-11D1-F79F-00C04FC2DCD2} | Replicating Directory Changes All | | |
| DC=sanao,DC=com | ACE 16 | NT AUTHORITY\Authenticated Users | 100 | Extended Right(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {280F369C-67C7-438E-AE98-1D46F3C6F541} | Update Password Not Required Bit | | |
| DC=sanao,DC=com | ACE 17 | NT AUTHORITY\Authenticated Users | 100 | Extended Right(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {CCC2DC7D-A6AD-4A7A-8846-C04E3CC53501} | MS-TS-GatewayAccess | | |
| DC=sanao,DC=com | ACE 18 | NT AUTHORITY\Authenticated Users | 100 | Extended Right(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {05C74C5E-4DEB-43B4-BD9F-86664C2A7FD5} | Enable Per User Reversibly Encrypted Password | | |
| DC=sanao,DC=com | ACE 19 | SANAO\Domain Controllers | 100 | Extended Right(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {1131F6AD-9C07-11D1-F79F-00C04FC2DCD2} | Replicating Directory Changes All | | |
| DC=sanao,DC=com | ACE 20 | NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | 100 | Extended Right(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {1131F6AA-9C07-11D1-F79F-00C04FC2DCD2} | Replicating Directory Changes | | |
| DC=sanao,DC=com | ACE 21 | NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | 100 | Extended Right(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {1131F6AB-9C07-11D1-F79F-00C04FC2DCD2} | Replication Synchronization | | |
| DC=sanao,DC=com | ACE 22 | NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | 100 | Extended Right(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {1131F6AC-9C07-11D1-F79F-00C04FC2DCD2} | Manage Replication Topology | | |
| DC=sanao,DC=com | ACE 23 | NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | 10 | Read Prop(s) | A | Yes | | Yes | | 5 | Allow (Object) | 3 | Yes | Yes | {B7C69E6D-2CC7-11D2-854E-00A0C983F608} | tokenGroups | {BF967ABA-0DE6-11D0-A285-00AA003049E2} | user |
| DC=sanao,DC=com | ACE 24 | NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | 10 | Read Prop(s) | A | Yes | | Yes | | 5 | Allow (Object) | 3 | Yes | Yes | {B7C69E6D-2CC7-11D2-854E-00A0C983F608} | tokenGroups | {BF967A9C-0DE6-11D0-A285-00AA003049E2} | group |
| DC=sanao,DC=com | ACE 25 | NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | 10 | Read Prop(s) | A | Yes | | Yes | | 5 | Allow (Object) | 3 | Yes | Yes | {B7C69E6D-2CC7-11D2-854E-00A0C983F608} | tokenGroups | {BF967A86-0DE6-11D0-A285-00AA003049E2} | computer |
| DC=sanao,DC=com | ACE 26 | SANAO\Exchange Enterprise Servers | 20 | Write Prop(s) | 2 | Yes | | | | 5 | Allow (Object) | 1 | Yes | | {E48D0154-BCF8-11D1-8702-00C04FB96050} | Public Information | | |
| DC=sanao,DC=com | ACE 27 | SANAO\Exchange Enterprise Servers | 20 | Write Prop(s) | 2 | Yes | | | | 5 | Allow (Object) | 1 | Yes | | {77B5B886-944A-11D1-AEBD-0000F80367C1} | Personal Information | | |
| DC=sanao,DC=com | ACE 28 | SANAO\Exchange Enterprise Servers | 20 | Write Prop(s) | 2 | Yes | | | | 5 | Allow (Object) | 1 | Yes | | {9A9A021E-4A5B-11D1-A9C3-0000F80367C1} | groupType | | |
| DC=sanao,DC=com | ACE 29 | SANAO\Exchange Enterprise Servers | 20 | Write Prop(s) | 2 | Yes | | | | 5 | Allow (Object) | 1 | Yes | | {BF967953-0DE6-11D0-A285-00AA003049E2} | displayName | | |
| DC=sanao,DC=com | ACE 30 | SANAO\Exchange Enterprise Servers | 100 | Extended Right(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {1131F6AC-9C07-11D1-F79F-00C04FC2DCD2} | Manage Replication Topology | | |
| DC=sanao,DC=com | ACE 31 | SANAO\Exchange Enterprise Servers | 20094 | Read (incl. List Obj.) | A | Yes | | Yes | | 5 | Allow (Object) | 2 | | Yes | | | {BF967ABA-0DE6-11D0-A285-00AA003049E2} | user |
| DC=sanao,DC=com | ACE 32 | SANAO\Exchange Enterprise Servers | 60094 | List Contents, Read Prop(s), List Object, Read Permissions, Modify Permissions | A | Yes | | Yes | | 5 | Allow (Object) | 2 | | Yes | | | {BF967A9C-0DE6-11D0-A285-00AA003049E2} | group |
| DC=sanao,DC=com | ACE 33 | SANAO\Exchange Enterprise Servers | 20094 | Read (incl. List Obj.) | A | Yes | | Yes | | 5 | Allow (Object) | 2 | | Yes | | | {4828CC14-1437-45BC-9B07-AD6F015E5F28} | inetOrgPerson |
| DC=sanao,DC=com | ACE 34 | BUILTIN\Incoming Forest Trust Builders | 100 | Extended Right(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {E2A36DC9-AE17-47C3-B58B-BE34C55BA633} | Create Inbound Forest Trust | | |
| DC=sanao,DC=com | ACE 35 | BUILTIN\Pre-Windows 2000 Compatible Access | 20094 | Read (incl. List Obj.) | A | Yes | | Yes | | 5 | Allow (Object) | 2 | | Yes | | | {BF967ABA-0DE6-11D0-A285-00AA003049E2} | user |
| DC=sanao,DC=com | ACE 36 | BUILTIN\Pre-Windows 2000 Compatible Access | 20094 | Read (incl. List Obj.) | A | Yes | | Yes | | 5 | Allow (Object) | 2 | | Yes | | | {4828CC14-1437-45BC-9B07-AD6F015E5F28} | inetOrgPerson |
| DC=sanao,DC=com | ACE 37 | BUILTIN\Pre-Windows 2000 Compatible Access | 20094 | Read (incl. List Obj.) | A | Yes | | Yes | | 5 | Allow (Object) | 2 | | Yes | | | {BF967A9C-0DE6-11D0-A285-00AA003049E2} | group |
| OU=Demo,DC=sanao,DC=com | ACE 1 | NT AUTHORITY\SYSTEM | F01FF | Full Control | 0 | | | | | 0 | Allow | 0 | | | | | | |
| OU=Demo,DC=sanao,DC=com | ACE 2 | SANAO\Domain Admins | F01FF | Full Control | 0 | | | | | 0 | Allow | 0 | | | | | | |
| OU=Demo,DC=sanao,DC=com | ACE 3 | BUILTIN\Account Operators | 3 | Create Child(s), Delete Child(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {BF967A86-0DE6-11D0-A285-00AA003049E2} | computer | | |
| OU=Demo,DC=sanao,DC=com | ACE 4 | BUILTIN\Account Operators | 3 | Create Child(s), Delete Child(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {BF967ABA-0DE6-11D0-A285-00AA003049E2} | user | | |
| OU=Demo,DC=sanao,DC=com | ACE 5 | BUILTIN\Account Operators | 3 | Create Child(s), Delete Child(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {BF967A9C-0DE6-11D0-A285-00AA003049E2} | group | | |
| OU=Demo,DC=sanao,DC=com | ACE 6 | BUILTIN\Print Operators | 3 | Create Child(s), Delete Child(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {BF967AA8-0DE6-11D0-A285-00AA003049E2} | printQueue | | |
| OU=Demo,DC=sanao,DC=com | ACE 7 | NT AUTHORITY\Authenticated Users | 20094 | Read (incl. List Obj.) | 0 | | | | | 0 | Allow | 0 | | | | | | |
| OU=Demo,DC=sanao,DC=com | ACE 8 | NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | 20094 | Read (incl. List Obj.) | 0 | | | | | 0 | Allow | 0 | | | | | | |
| OU=Demo,DC=sanao,DC=com | ACE 9 | BUILTIN\Account Operators | 3 | Create Child(s), Delete Child(s) | 0 | | | | | 5 | Allow (Object) | 1 | Yes | | {4828CC14-1437-45BC-9B07-AD6F015E5F28} | inetOrgPerson | | |
| OU=Demo,DC=sanao,DC=com | ACE 10 | BUILTIN\Administrators | F01BD | Full Control except Delete Child(s) and Delete Subtree | 12 | Yes | | | Yes | 0 | Allow | 0 | | | | | | |
| OU=Demo,DC=sanao,DC=com | ACE 11 | SANAO\Enterprise Admins | F01FF | Full Control | 12 | Yes | | | Yes | 0 | Allow | 0 | | | | | | |
| OU=Demo,DC=sanao,DC=com | ACE 12 | SANAO\Exchange Enterprise Servers | 4 | List Contents | 12 | Yes | | | Yes | 0 | Allow | 0 | | | | | | |
| OU=Demo,DC=sanao,DC=com | ACE 13 | BUILTIN\Pre-Windows 2000 Compatible Access | 4 | List Contents | 12 | Yes | | | Yes | 0 | Allow | 0 | | | | | | |
| OU=Demo,DC=sanao,DC=com | ACE 14 | NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | 10 | Read Prop(s) | 1A | Yes | | Yes | Yes | 5 | Allow (Object) | 3 | Yes | Yes | {B7C69E6D-2CC7-11D2-854E-00A0C983F608} | tokenGroups | {BF967ABA-0DE6-11D0-A285-00AA003049E2} | user |
| OU=Demo,DC=sanao,DC=com | ACE 15 | NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | 10 | Read Prop(s) | 1A | Yes | | Yes | Yes | 5 | Allow (Object) | 3 | Yes | Yes | {B7C69E6D-2CC7-11D2-854E-00A0C983F608} | tokenGroups | {BF967A9C-0DE6-11D0-A285-00AA003049E2} | group |
| OU=Demo,DC=sanao,DC=com | ACE 16 | NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | 10 | Read Prop(s) | 1A | Yes | | Yes | Yes | 5 | Allow (Object) | 3 | Yes | Yes | {B7C69E6D-2CC7-11D2-854E-00A0C983F608} | tokenGroups | {BF967A86-0DE6-11D0-A285-00AA003049E2} | computer |
| OU=Demo,DC=sanao,DC=com | ACE 17 | SANAO\Exchange Enterprise Servers | 20 | Write Prop(s) | 12 | Yes | | | Yes | 5 | Allow (Object) | 1 | Yes | | {E48D0154-BCF8-11D1-8702-00C04FB96050} | Public Information | | |
| OU=Demo,DC=sanao,DC=com | ACE 18 | SANAO\Exchange Enterprise Servers | 20 | Write Prop(s) | 12 | Yes | | | Yes | 5 | Allow (Object) | 1 | Yes | | {77B5B886-944A-11D1-AEBD-0000F80367C1} | Personal Information | | |
| OU=Demo,DC=sanao,DC=com | ACE 19 | SANAO\Exchange Enterprise Servers | 20 | Write Prop(s) | 12 | Yes | | | Yes | 5 | Allow (Object) | 1 | Yes | | {9A9A021E-4A5B-11D1-A9C3-0000F80367C1} | groupType | | |
| OU=Demo,DC=sanao,DC=com | ACE 20 | SANAO\Exchange Enterprise Servers | 20 | Write Prop(s) | 12 | Yes | | | Yes | 5 | Allow (Object) | 1 | Yes | | {BF967953-0DE6-11D0-A285-00AA003049E2} | displayName | | |
| OU=Demo,DC=sanao,DC=com | ACE 21 | SANAO\Exchange Enterprise Servers | 20094 | Read (incl. List Obj.) | 1A | Yes | | Yes | Yes | 5 | Allow (Object) | 2 | | Yes | | | {BF967ABA-0DE6-11D0-A285-00AA003049E2} | user |
| OU=Demo,DC=sanao,DC=com | ACE 22 | SANAO\Exchange Enterprise Servers | 60094 | List Contents, Read Prop(s), List Object, Read Permissions, Modify Permissions | 1A | Yes | | Yes | Yes | 5 | Allow (Object) | 2 | | Yes | | | {BF967A9C-0DE6-11D0-A285-00AA003049E2} | group |
| OU=Demo,DC=sanao,DC=com | ACE 23 | SANAO\Exchange Enterprise Servers | 20094 | Read (incl. List Obj.) | 1A | Yes | | Yes | Yes | 5 | Allow (Object) | 2 | | Yes | | | {4828CC14-1437-45BC-9B07-AD6F015E5F28} | inetOrgPerson |
| OU=Demo,DC=sanao,DC=com | ACE 24 | BUILTIN\Pre-Windows 2000 Compatible Access | 20094 | Read (incl. List Obj.) | 1A | Yes | | Yes | Yes | 5 | Allow (Object) | 2 | | Yes | | | {BF967ABA-0DE6-11D0-A285-00AA003049E2} | user |
| OU=Demo,DC=sanao,DC=com | ACE 25 | BUILTIN\Pre-Windows 2000 Compatible Access | 20094 | Read (incl. List Obj.) | 1A | Yes | | Yes | Yes | 5 | Allow (Object) | 2 | | Yes | | | {4828CC14-1437-45BC-9B07-AD6F015E5F28} | inetOrgPerson |
| OU=Demo,DC=sanao,DC=com | ACE 26 | BUILTIN\Pre-Windows 2000 Compatible Access | 20094 | Read (incl. List Obj.) | 1A | Yes | | Yes | Yes | 5 | Allow (Object) | 2 | | Yes | | | {BF967A9C-0DE6-11D0-A285-00AA003049E2} | group |
To better examine the results:
1. Right-click the table in IE and select Export to Microsoft Excel.
2. In Excel's Data menu, select Filter => AutoFilter.
3. Use the drop-down lists on the header row to see the selection of values or to filter rows.
4. Click cell B2.
5. In Excel's Window menu, select Freeze Panes.
Tip
Every now and then, use this script to take a snapshot of the permissions
in your domain. By comparing the snapshots, you can track any changes to the
permissions.
Color Legend
| An Allow ACE that is non-inherited |
| An Allow ACE that is inherited |
| A Deny ACE that is non-inherited |
| A Deny ACE that is inherited |
This report was generated at 11/1/2006 11:04:21 PM by ADReport,
a program by Sakari Kouti (see http://www.kouti.com)