seanosullivanuk/ADAccountsWOInheritance.ps1

Created November 17, 2020 14:53

Star 0 You must be signed in to star a gist
Fork 0 You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/seanosullivanuk/d9b1d90541df78dafc60267bde86a500.js"></script>
Save seanosullivanuk/d9b1d90541df78dafc60267bde86a500 to your computer and use it in GitHub Desktop.

Download ZIP

List all Active Directory user accounts that have their security inheritance disabled

Raw

ADAccountsWOInheritance.ps1

Get-ADUser -SearchBase "OU=Users,DC=internal,DC=example,DC=co,DC=uk" -Filter * -Properties nTSecurityDescriptor | ?{ $_.nTSecurityDescriptor.AreAccessRulesProtected -eq "True" }

Author

seanosullivanuk commented Nov 17, 2020

Found this useful when a few AD accounts couldn't successfully reset passwords via AAD Writeback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment