Active Directory Security dot com

Complete Coverage of Delegation, Security Audit & Compliance Reporting in Active Directory

Brought to you by former Microsoft Program Manager for Active Directory Security
REFERENCE GUIDANCE REPORTING
Reference | Top-20 D | Risks | FAQ Delegate | Verify | Assess | Audit | Report | Comply Reports Tools
Security Model
Security Descriptors
Security Groups
Security Permissions
Property Sets
Extended Rights
Validated Writes
Visibility Modes
SDDL
LDAP Filters
Deleted Objects
True Last Logon
Nested Group Memberships
Resultant Access




Gold Finger Mini

Active Directory Extended Rights

While standard operations on objects stored in and protected by Active Directory are governed by standard Active Directory permissions, there are certain operations that have special significance, and require special or extended permissions for their authorization.

These special or extended permissions govern the ability of a user to perform specific Active Directory operations, or Active Directory based identity and access management operations, and are often referred to as Active Directory Extended Rights.

The Active Directory security model recognizes fifty-one extended rights –

  1. Abandon-Replication

  2. Add-GUID

  3. Allocate-Rids

  4. Allowed-To-Authenticate

  5. Apply-Group-Policy

  6. Certificate-Enrollment

  7. Change-Domain-Master

  8. Change-Infrastructure-Master

  9. Change-PDC

  10. Change-Rid-Master



Are you trying to find out who has what extended rights in AD?
You can, with Gold Finger from Paramount Defenses !
 		       Free Trial  


  1. Change-Schema-Master

  2. Create-Inbound-Forest-Trust

  3. Do-Garbage-Collection

  4. Domain-Administer-Server

  5. DS-Check-Stale-Phantoms

  6. DS-Execute-Intentions-Script

  7. DS-Install-Replica

  8. DS-Query-Self-Quota

  9. DS-Replication-Get-Changes

  10. DS-Replication-Get-Changes-All

  11. DS-Replication-Manage-Topology

  12. DS-Replication-Monitor-Topology

  13. DS-Replication-Synchronize

  14. Enable-Per-User-Reversibly-Encrypted-Password

  15. Generate-RSoP-Logging

  16. Generate-RSoP-Planning

  17. Migrate-SID-History

  18. msmq-Open-Connector

  19. msmq-Peek

  20. msmq-Peek-computer-Journal



Are you trying to find out who has what extended rights in AD?
You can, with Gold Finger from Paramount Defenses !
 		       Free Trial  


  1. msmq-Peek-Dead-Letter

  2. msmq-Receive

  3. msmq-Receive-computer-Journal

  4. msmq-Receive-Dead-Letter

  5. msmq-Receive-journal

  6. msmq-Send

  7. Open-Address-Book

  8. Read-Only-Replication-Secret-Synchronization

  9. Reanimate-Tombstones

  10. Recalculate-Hierarchy



Are you trying to find out who has what security permissions or what extended rights in your Active Directory, and where?
You can, with Gold Finger from Paramount Defenses !
 		       Free Trial  


  1. Recalculate-Security-Inheritance

  2. Receive-As

  3. Refresh-Group-Cache

  4. SAM-Enumerate-Entire-Domain

  5. Send-As

  6. Send-To

  7. Unexpire-Password

  8. Update-Password-Not-Required-Bit

  9. Update-Schema-Cache

  10. User-Change-Password

  11. User-Force-Change-Password
Gold Finger - Microsoft-endorsed, Active Directory Resultant Access/Security Auditing/Reporting Tool
About Copyright ActiveDirSec.Com 2008 – 2011. All Rights Reserved Disclaimer
Active Directory Security Active Directory Reports Active Directory Reporting Tools Cyber Security and Global Security
Active Directory Audit Tool Active Directory Reporting Tool Active Directory Reporting Tools Active Directory Effective Permissions