AD Permissions Reporter - Online Manual

Principal View

The Principal View flips the perspective of your permission analysis, organizing data by security principals (users and groups) rather than by objects. This view helps you understand what access each user or group has across your Active Directory environment.

Accessing Principal View

To access the Principal View:

  1. Generate a report or load an existing one
  2. Click on the "Principal View" tab in the report viewer

Note: When you first switch to the Principal View tab, there may be a brief delay as the application generates the principal-based data structure.

Principal View Interface

Understanding the Principal View

The Principal View is organized as a master-detail grid:

Principals Grid (Master)

The top grid shows all security principals (users, groups, computers) that have permissions in your Active Directory. For each principal, you'll see:

  • Account - The sAMAccountName of the principal
  • Display Name - The display name, if available
  • Type - The type of principal (User, Group, Computer, etc.)
  • Description - The description of the principal
  • Department - For users, their department
  • Manager - For users, their manager
  • Job Title - For users, their job title
  • SID - The Security Identifier of the principal

Objects Grid (Detail)

When you select a principal in the top grid, the bottom grid shows all objects where that principal has permissions:

  • Name - The name of the AD object
  • Path - The path of the object in the directory
  • Owner - The owner of the object
  • Inheritance - Whether the object inherits permissions
  • Type - Allow or Deny permission
  • Inherited - Whether the permission is inherited
  • Applies To - Where the permission applies
  • Parent Group - If applicable, through which group the permission is granted

The remaining columns show detailed permission breakdowns:

Basic Permissions Columns

  • Full Control
  • Modify
  • Read and Execute
  • List Contents
  • Read
  • Write
  • Special

Advanced Permissions Columns

  • Full Control
  • Traverse/Execute
  • List/Read Data
  • Read Attributes
  • Read Ext. Attrs
  • Create/Write Data
  • Create/Append Data
  • Write Attributes
  • Write Ext. Attrs
  • Delete Subfolders
  • Delete
  • Read Permissions
  • Change Permissions
  • Take Ownership

Filtering the Principal View

The Principal View provides several filtering options:

Quick Filter Dropdown

Use the "Filter" dropdown to quickly filter by principal type:

  • All Principals - Show all security principals
  • Users Only - Show only user accounts
  • Groups Only - Show only groups
  • Computers Only - Show only computer accounts

Search Box

Use the "Search" text box to find specific principals or objects. This searches across all columns in both the principal grid and the objects grid.

Column Filters

Each column in both grids has its own filter capability:

  1. Click the filter icon in any column header
  2. Choose from the provided filter options or enter a custom filter
  3. The grid will update to show only matching rows

Sorting and Grouping

Like the Table View, the Principal View supports sorting and grouping:

  • Click any column header to sort by that column
  • Drag column headers to the grouping area to group by those columns
  • Expand or collapse groups as needed

Analyzing Principal Data

The Principal View is particularly useful for:

  • User access reviews - See all the permissions a particular user has across your AD
  • Group permission analysis - Understand the reach of group permissions
  • Security audits - Identify users or groups with excessive permissions
  • Access cleanup - Find permissions that should be removed or adjusted

Exporting Principal View Data

Export the Principal View data for external analysis:

  1. Use the "Export" buttons at the top of the view
  2. Choose from Excel, PDF, or HTML formats
  3. The export will include all currently visible data (respecting any active filters)

The Principal View is particularly valuable in access review scenarios, where you need to understand what permissions specific users or groups have across your environment, rather than focusing on the permissions for specific objects.

For different perspectives on your AD permissions, check out the AD Objects View and Table View pages.



Use of this site constitutes acceptance of our Privacy Policy and EULA. Copyright © Albus Bit SIA