powershell windows-server-2008 user-accounts user-permissions

user account "effective permissions" with powershell

I need to compare AD users permissions (one user can "unset" an attribute and another cannot, both can change it).

How can I dump/compare user account "effective permissions" which I find when I go to user account > Security > Advanced > Effective Permissions (and select an user account) with powershell?

Solution

Using Quest Free PowerShell Commands for Active Directory is simple:

Get-QadPermission useraccountname -Inherited

or better way:

Get-QADUser -Name useraccountname -SecurityMask DACL | Get-QADPermission -Inherited -SchemaDefault

This return all effective permission Inherited or Explicit assigned for the user 'useraccountname'

The comparison can be made with compare-object. A very simple example:

compare-object (Get-QADPermission userA -Inherited | select Rights) (Get-QADPermission userB -Inherited | select rights)

PowerShell: script to check time sync
How to convert CSV or Object-Array to an object but with the first column as properties
Running a Powershell Start-Process command, with arguments containing spaces, from a batch script
Running a sequence of commands from within powershell of VSCode
How to clear the entire terminal (PowerShell)
How to use Windows System.Speech for TTS in PowerShell 7 (or is there an alternative)
Using multiple PowerShell parameter sets simultaneously
How can I fix using Power Shell and WPF windows, setting the text property of a textblock is failing with "Array index was null" with a complex DOM
Using UTF-8 Encoding (CHCP 65001) in Command Prompt / Windows Powershell (Windows 10)
Split and Join is resulting in error when I run it in a FOREACH block
PowerShell multiline regex is matching on regex101.com AND regexr.com, but not in Powershell code
Sort a multidimensional array/arraylist/hashtable
How can I account for summer time when adding hours to a DateTime base value in PowerShell?
powershell: Understanding Move-Item returned value
Mass saving PDFs (with unique ID at the start of the PDF) to folders that have unique ID at the end
How to modify a JSON with values from another JSON in PowerShell
Windows PowerShell error when attempting to bulk edit the Cost Center (costCenter) attribute
Can I get "&&" or "-and" to work in PowerShell?
Use Powershell to get book metadata from Amazon
Use PowerShell to generate a list of files and directories
Copy-Item command in powershell: problem with credentials
Renaming files by reformatting existing filenames - placeholders in replacement strings used with the -replace operator
Get proper startup directory in PowerShell when executed via a shortcut file
Why does Move-Item into a new directory implode the first directory?
PSCustomObject returns with extra return(s)
Windows Semicolons in Path
An empty pipe element is not allowed in ForEach-Object
How to retrieve day-wise working hours set in Outlook using Microsoft Graph API or PowerShell cmdlet?
Escaping issue with az ad app update in Azure DevOps Pipelines
Set-Content sporadically fails with "Stream was not readable"