Active Directory Security dot com

Complete Coverage of Delegation, Security Audit & Compliance Reporting in Active Directory

Brought to you by former Microsoft Program Manager for Active Directory Security
REFERENCE GUIDANCE REPORTING
Reference | Top-20 D | Risks | FAQ Delegate | Verify | Assess | Audit | Report | Comply Reports Free Tools
Security Model
Security Descriptors
Security Groups
Security Permissions
Property Sets
Extended Rights
Validated Writes
Visibility Modes
SDDL
LDAP Filters
Deleted Objects
True Last Logon

Active Directory Extended Rights

While standard operations on objects stored in and protected by Active Directory are governed by standard Active Directory permissions, there are certain operations that have special significance, and require special or extended permissions for their authorization.

These special or extended permissions govern the ability of a user to perform specific Active Directory operations, or Active Directory based identity and access management operations, and are often referred to as Active Directory Extended Rights.

The Active Directory security model recognizes fifty-one extended rights –

  1. Abandon-Replication

  2. Add-GUID

  3. Allocate-Rids

  4. Allowed-To-Authenticate

  5. Apply-Group-Policy

  6. Certificate-Enrollment

  7. Change-Domain-Master

  8. Change-Infrastructure-Master

  9. Change-PDC

  10. Change-Rid-Master



Are you trying to find out who has what extended rights in AD?
You can, with Gold Finger from Paramount Defenses !
 		       Free Download  


  1. Change-Schema-Master

  2. Create-Inbound-Forest-Trust

  3. Do-Garbage-Collection

  4. Domain-Administer-Server

  5. DS-Check-Stale-Phantoms

  6. DS-Execute-Intentions-Script

  7. DS-Install-Replica

  8. DS-Query-Self-Quota

  9. DS-Replication-Get-Changes

  10. DS-Replication-Get-Changes-All

  11. DS-Replication-Manage-Topology

  12. DS-Replication-Monitor-Topology

  13. DS-Replication-Synchronize

  14. Enable-Per-User-Reversibly-Encrypted-Password

  15. Generate-RSoP-Logging

  16. Generate-RSoP-Planning

  17. Migrate-SID-History

  18. msmq-Open-Connector

  19. msmq-Peek

  20. msmq-Peek-computer-Journal



Are you trying to find out who has what extended rights in AD?
You can, with Gold Finger from Paramount Defenses !
 		       Free Download  


  1. msmq-Peek-Dead-Letter

  2. msmq-Receive

  3. msmq-Receive-computer-Journal

  4. msmq-Receive-Dead-Letter

  5. msmq-Receive-journal

  6. msmq-Send

  7. Open-Address-Book

  8. Read-Only-Replication-Secret-Synchronization

  9. Reanimate-Tombstones

  10. Recalculate-Hierarchy

  11. Recalculate-Security-Inheritance

  12. Receive-As

  13. Refresh-Group-Cache

  14. SAM-Enumerate-Entire-Domain

  15. Send-As

  16. Send-To

  17. Unexpire-Password

  18. Update-Password-Not-Required-Bit

  19. Update-Schema-Cache

  20. User-Change-Password

  21. User-Force-Change-Password
                 What if you could instantly find out who has what extended rights in Active Directory for FREE?

You can, with the Gold Finger Active Directory Reporting Tool           Download your Free copy          
< About Copyright ActiveDirSec.Com 2008 – 2010. All Rights Reserved Disclaimer >