Phone Live Chat
US: +1 888 720 9500
US: +1 800 443 6694
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9393

Permissions Reports

Active Directory permissions reports

On a day-to-day basis, organizations need to be wary of major security threats like insider attacks and espionage. Warding off potential attackers can go a long way in securing your organization's network and data. To accomplish this, however, a few things need to be aligned. You must have a complete understanding of the permissions assigned to users and groups in your Windows Active Directory (AD), the accounts, resources, and data that they can access, their NTFS and share permissions, and the operations that they can perform. In other words, you should have detailed reports on the permissions of users and groups in your AD.

These permissions reports are also necessary for passing compliance audits for various regulations such as SOX, HIPAA, GLBA, FISMA, the GDPR and PCI DSS. To list all the permissions that every AD user and group has, you would normally have to rely on PowerShell or other scripting languages outside of the Active Directory Users and Computers (ADUC) console, since it offers no help for AD reporting. ADManager Plus, on the other hand, provides purpose-built reports that make it easy to view all permissions assigned to users and groups in AD.

Windows Active Directory permissions reporting with ADManager Plus

ADManager Plus, a web-based Active Directory, Microsoft 365, and Exchange management and reporting tool, offers a predefined reports library, including permissions-based reports such as:

  • AD objects accessible by users and groups:

    View all objectsæusers, groups, computers, folders, NTDS service objects, and moreæthat specified AD users and groups can access, along with the permissions (read all properties, read logon information, write, list contents, change password, delete, full control, and more), and type of permission (allow or deny) they have for each object.

  • Servers accessible by users and groups:

    See all computers (servers and workstations) that selected AD users and groups can access, the operating systems of these computers, and the types of permissions (allow or deny) these machines have along with the complete list of operations they can perform on them.

  • Folders accessible by users and groups:

    Displays all the shared folders specified AD users and groups can access, the complete list of permissions or actions they can perform, and the type of permission (allow or deny) they have for the actions listed.

  • Subnets accessible by users and groups:

    Shows all subnets the selected users or groups in AD have access to. It also lists all operations that the selected users or groups are allowed and not allowed to perform in the subnets.

  • Permissions for folders:

    Displays the users and groups who have permissions to access specified folders and their corresponding permissions. For groups, this report also displays the group members, which in turn helps you figure out which groups and users can access the selected folder (as a result of being a member of the group).

  • Server permissions:

    Lists all users and groups who can access the selected servers and computers along with information on the domain they belong to, the permissions they have, and their security identifier (object SID).

  • Subnet permissions:

    View the users and groups that have access to the specified subnets and the permissions they have along with details such as their domain name, the object type, and object SID.

  • Groups for users:

    For every selected user, this report displays the groups that they are members of along with information such as all the members (users and groups) in each of those groups, the domain in which the groups are located, the group type (distribution group or security group), group scope (universal, global, or domain local), and the location of the groups in AD.

IT compliance reports

Besides reports based on the permissions of groups and users, ADManager Plus also offers many other reports that are necessary for proving adherence to compliance standards such as HIPAA, SOX, FISMA, GLBA, the GDPR, and PCI DSS. Some of the other available reports include information on:

Click here to learn more.

With these purpose-built reports, ADManager Plus makes it easy to analyze and manage the permissions of AD users and groups, and ensure that they can perform only the operations that they are supposed to perform.

ADManager Plus is a web-based solution for all AD, Microsoft 365, Exchange, MS Teams, Skype for Business, and Google Workspace management and reporting needs. It offers more than 200 prepackaged AD reports with built-in management actions that include information on AD and Microsoft 365 users. This tool allows you to securely delegate organizational unit (OU) and group-based AD tasks to help desk technicians. It also offers customizable workflows to help you streamline and monitor the execution of AD tasks, and automate critical tasks and routines.

Benefits of using ADManager Plus for AD permissions reporting:

  • Generate in-depth reports on AD permissions without any PowerShell scripts.
  • Demonstrate adherence to various IT compliance standards via pre-built reports.
  • Prevent credentials misuse by ensuring that no users have excessive privileges.

Run script-free reports for managing permissions for AD users,
files, and folders.

  • -Select-
By clicking 'Get Your Free Trial', you agree to processing of personal data according to the Privacy Policy.


Your download is in progress and it will be completed in just a few seconds!
If you face any issues, download manually here


We will send the download link to the registered email ID shortly.

Featured links

Other features

Active Directory Group Management

Manage your Active Directory Security Groups. Create, Delete and Modify Groups...all in a few clicks. Configure Exchange attributes of AD Groups and effect bulk group changes to your AD security groups.

Terminal Services management

Configure Active Directory Terminal Services attributes from a much simpler interface than AD native tools. Exercise complete control over technicians accessing other domain users' computers.

Active Directory User Reports

Exhaustive reporting on Active Directory Users and user-attributes. Generate reports in user-activity in your Active Directory. Perform user-management actions right from the report interface!

Active Directory Workflow

A mini Active Directory ticket-management and compliance toolkit right within ADManager Plus! Define a rigid yet flexible constitution for every task in your AD. Tighten the reins of your AD Security.

Active Directory Cleanup

Get rid of the inactive, obsolete and unwanted objects in your Active Directory to make it more secure and efficient...assisted by ADManager Plus's AD Cleanup capabilities.

Active Directory Automation

A complete automation of AD critical tasks such as user provisioning, inactive-user clean up etc. Also lets you sequence and execute follow-up tasks and blends with workflow to offer a brilliant controlled-automation.

Need Features? Tell Us
If you want to see additional features implemented in ADManager Plus, we would love to hear. Click here to continue

ADManager Plus Trusted By

The one-stop solution to Active Directory Management and Reporting