PowerShell Tips: Who has Access To This Directory?

Here's a question many IT Administrators get from time to time:

"Can you tell me who has access to this directory?"

This question is being asked more often as many more devices are trying to gain access to the data you secure. While it is easy to see all the groups that have access just by right-clicking a directory and going to the Security tab, it is a challenge to view all the users who belong to those groups – especially those users listed inside nested groups.  I created this scripts, to be run alongside the ActiveDirectory PowerShell module, to read the Access Control List (ACL) on the directory.  An admin account is required to run the script in order to view the ACL.

Most of the tricky bits of this script contain comments in-line. Your input is welcome should a better method be available.

Skip to main content