Activedirectory – Group – user – membership validation tool

In any IT environment it is very important to understand how a distribution and security groups work. I have come across many employees with minimal knowledge on providing permissions to individuals and groups. I will just add very basic one liners about it in this blog.

* Permissions can be provided to any user or a security group to a Folder or SQL Server (I will use the work container).
* If permissions are provided to a Security group all the members of the security group gains access to the container.
* If Deny permissions are enabled for a user that takes precedence. Example, If I give access to a group X (Assume A is member of group X) and Denied permission to A, I permissions on given container will be denied.
* Security group membership is recursive. Example: if GroupC is member GroupB and GroupB member of GroupA adding permissions to GroupA results GroupC members to gain permissions.
* Distribution groups and Security groups are different. Distribution groups are used to send mails and security groups are for managing permissions. A group can be either a distribution group or a security group or mail enabled security group.
* For a windows folder, effective permissions for a given user can be validated: Folder properties -> Security -> Advanced -> Effective permissions -> Search user
* ActiveDirectoryHelper is a very helpful tool with GUI to understand users and group information in active directory.

Effective Permissions:
EffectivePermissions

-Vijred

Advertisements
This entry was posted in knowledge, Productivity, Uncategorized, Windows Server and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s