Activedirectory – Group – user – membership validation tool

In any IT environment it is very important to understand how a distribution and security groups work. I have come across many employees with minimal knowledge on providing permissions to individuals and groups. I will just add very basic one liners about it in this blog.

* Permissions can be provided to any user or a security group to a Folder or SQL Server (I will use the work container).
* If permissions are provided to a Security group all the members of the security group gains access to the container.
* If Deny permissions are enabled for a user that takes precedence. Example, If I give access to a group X (Assume A is member of group X) and Denied permission to A, I permissions on given container will be denied.
* Security group membership is recursive. Example: if GroupC is member GroupB and GroupB member of GroupA adding permissions to GroupA results GroupC members to gain permissions.
* Distribution groups and Security groups are different. Distribution groups are used to send mails and security groups are for managing permissions. A group can be either a distribution group or a security group or mail enabled security group.
* For a windows folder, effective permissions for a given user can be validated: Folder properties -> Security -> Advanced -> Effective permissions -> Search user
* ActiveDirectoryHelper is a very helpful tool with GUI to understand users and group information in active directory.

Effective Permissions:


Related: (Command to find gorup members)

This entry was posted in knowledge, Productivity, Uncategorized, Windows Server and tagged , , , , . Bookmark the permalink.

1 Response to Activedirectory – Group – user – membership validation tool

  1. Pingback: Command to find domain group members | Blog for reference – Vijred

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s