AD Permissions Reporter is a tool for viewing and documenting permissions on Active Directory objects such as organizational units and user accounts.

Submitted by Chris Wright

It is common for certain AD permissions to be delegated to non-admin users or first-line support technicians so that they can perform administrative tasks without having full Domain Admin rights. However, it is not so common for these delegated permissions to be well documented and kept track of.

AD Permissions Reporter

AD Permissions Reporter

AD Permissions Reporter was designed to allow you to quickly view permissions on the entire domain, or in a specific sub tree of OUs, and provide the results in a format that is easier to read than the output from PowerShell scripts and other tools. The tool can also expand groups to show you direct and nested group members wherever a group has been used in permissions so that you can see exactly who it is that is being granted/denied that permission.

AD Permissions Reporter - Table view

AD Permissions Reporter - Table view

In the Standard Edition, you can use the filtering capabilities to locate specific permissions (for example, all objects where a specific user/group has been granted the “Reset Password” permission, or all permissions that are not inherited, or all objects that have different permissions to their parent container, etc.). However, the Free Edition still allows for reports to be customized to only include specified OUs and, optionally, to include child objects. Results can be displayed either in tree format or in table format and can be exported to a CSV file or an HTML file (with more formats available in the Standard Edition).

You can download AD Permissions Reporter here.


Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account