I’d like to determine what kind of permissions a specific user (service account) has on a particular AD user object. I have this one liner:
(Get-ACL ‘AD:\CN=ME,OU=Users,DC=childDomain,DC=forestRoot,DC=com’).Access | ft IdentityReference,AccessControlType -A
…and get this kind of output
NT AUTHORITY\SELF Allow
NT AUTHORITY\Authenticated Users Allow
NT AUTHORITY\SYSTEM Allow
…but wish for i.e. shows the service account has Write permission to attribute TargetAddress, etc. on the User object.
Any help is certainly appreciated here.