AD Permissions Reporter - Online Manual

Online Manual

AD Objects View

The AD Objects view is the primary way to explore your Active Directory permissions in a hierarchical structure. This view shows objects in their natural container organization with detailed permission information.

Understanding the AD Objects Interface

The AD Objects view is divided into several sections:

AD Objects View Interface

AD Objects Tree (Left Panel)

The left panel shows a hierarchical tree of all AD objects included in the scan, organized by their container structure. Each object is represented with an icon indicating its type:

  • User Icon User account
  • Disabled User Icon Disabled user account
  • Group Icon Group
  • Computer Icon Computer
  • Disabled Computer Icon Disabled computer
  • OU Icon Organizational Unit
  • Container Icon Container
  • Domain Icon Domain
  • GPO Icon Group Policy Object

Object Details (Right Panel - Top)

When you select an object in the tree, its details appear in the right panel, including:

  • Path - The full path of the object in the directory
  • Distinguished Name - The full DN of the object
  • Object Type - The type of object (User, Group, Computer, etc.)
  • Owner - The account that owns the object
  • Created Date - When the object was created
  • Modified Date - When the object was last modified
  • Inherited - Whether the object inherits permissions from its parent

Permissions (Right Panel - Bottom)

Below the object details is a tabbed interface showing:

Access Control List (ACL) Tab

This tab shows all permission entries (ACEs) for the selected object:

  • Type - Allow or Deny
  • Display Name - The principal name and summary of permissions
  • Access - The specific rights granted or denied
  • Applies To - Where the permission applies (this object only, child objects, etc.)
  • Inherited - Whether the permission is inherited from a parent object

For groups, an expandable arrow appears, letting you see permissions applied through group membership:

Group Membership Permissions

Child Objects Tab

This tab lists all child objects directly under the selected object, showing:

  • Name
  • Object Type
  • Owner
  • Whether permissions are inherited

Permission Details

When you select a permission entry in the ACL tab, detailed information appears below:

Principal Details

  • Display Name
  • Principal Name
  • Domain
  • SID
  • Account Type
  • Group Members (if applicable)

Permission Details

  • Access Type (Allow/Deny)
  • Inherited status
  • Where it applies to
  • Individual permissions (Full Control, Read, Write, etc.)

Navigating the AD Objects View

  • Expanding/collapsing the tree - Click the arrows next to container objects to expand or collapse them
  • Selecting objects - Click on any object to view its details and permissions
  • Viewing permission details - Click on a permission entry to see its details

Color Coding

Permissions in the ACL list are color-coded for easier identification:

  • Red - Full Control permissions
  • Yellow - Modify permissions
  • Green - Read permissions
  • Blue - Special permissions

Event Log

At the bottom of the report view is an expandable Event Log section that shows any errors or warnings encountered during the scan. Click on the "EVENT LOG" header to expand or collapse this section.

For different ways to view your permission data, check out the Table View and Principal View pages.

Use of this site constitutes acceptance of our Privacy Policy and EULA. Copyright © Albus Bit SIA