How to get Access Control List for folders and subfolders in Active Directory?

Read on to know how to view Access Control List for folders and subfolders in Active Directory (AD) using PowerShell and how you can get it done easily with ADManager Plus.

Windows PowerShell

  • Identify the domain where the folder, for which the ACL is to be obtained, is located.
  • Create and compile the script for obtaining the ACL of the folder. Execute the script in PowerShell.
  • Sample script for obtaining the ACL of AD user account:
 Copied
$aclpath = "\\pdc\Shared\sales" #define path to the shared folder $reportpath ="D:\permissions\ACL.csv" dir -Recurse $path | where { $_.PsIsContainer } | % { $path1 = $_.fullname; Get-Acl $_.Fullname | % { $_.access | Add-Member -MemberType NoteProperty '.\Application Data' -Value $path1 -passthru }} | Export-Csv $reportpath
Click to copy entire script

ADManager Plus

  • Navigate to Reports > NTFS Reports > Folders Accessible by Accounts.
  • Select the Domain,User Account, folders, subfolder level and Access Type. Click Generate. You can even export the reports as CSV, PDF, XLSX or HTML.

Screenshot

Get ACL for Folders and Subfolders using ADManagerPlus

» Start 30-day Free Trial

This reports allows you view the folders that can be accessed by AD user accounts or groups.

Although generating access control list for folders with native tools like PowerShell looks simple, it comes with a few limitations:

  • The PowerShell script can be run only from the computers which have the Active Directory Domain Services role installed in them.
  • In case the access control list is to be obtained for multiple folders, you need to write a new, more complex script.
  • The syntax, parameters and iterations need to be correct. A typo or incorrect syntax might be difficult to spot and rectify, especially when the script is a long one.

ADManager Plus lets you perform the same with a few clicks from its web-based GUI console. It also has options for scheduling and automatically emailing the reports. Learn more about it here.

Gain complete control over NTFS permissions and file shares with purpose-built reports.

  Get 30-day free trial.
  • Embark on your script-free AD management, reporting, and automation journey with ADManager Plus.
  •  
     
  • By clicking 'Start your free trial now', you agree to processing of personal data according to the Privacy Policy.
  • Thanks
  • Your download should begin automatically in 15 seconds. If not, click here to download manually.

Related Powershell How-to Guides:

The one-stop solution toActive Directory Management and Reporting

Email Download Link