AD explorer tool?

Sep 22, 2009 at 2:48 PM

The permission checker is great when you need to see all objects that an user has access to. Is there anything similar that works the other way around, by object, not by user? I need something that allows me to see what users have permission to an object. I am not asking about explicit permission which are easy to find in "manage permission" on the list. I am interested in implicit permissions. I would like , let's say, the owner of a site to see all users that have rights to a list, when these users were granted implicit rights, as members of an AD group or a sharepoint group. For example, if the HR site owner checks the rights on the HR calendar, he will see all the HR groups that have rights, but he wont be able to see who's in those groups, he will call IT to request a list users that belong to those AD groups. Any of these 2 will help:
- a similar app that returns a grid with users and type of rights for a selected object
- an AD browser (or explorer) where the HR site owner, after seing that "HR-benefits" group has read access, can go in the AD tree view and browse to see who's in the "HR-benefits" security group.