Active Directory Cookbook for windows server 2003- P45:If you are familiar with the O'Reilly Cookbook format that can be seen in other popular books, such as the Perl Cookbook, Java Cookbook, and DNS and BIND Cookbook, then the layout of this book will not be anything new to you. The book is composed of 18 chapters, each containing 10-30 recipes for performing a specific Active Directory task. Within each recipe are four sections: problem, solution, discussion, and see also. | dsacls ObjectDN Using VBScript Unfortunately the code to view the ACEs in an ACL is quite messy and long. This will be included as part of the code on the web site for the book http catalog activedckbk . Discussion Viewing an object s ACL is a common task and should already be familiar to most administrators. The ACL editor is useful for checking the permissions that have been set on objects especially after running the Delegation of Control Wizard. In addition to viewing permissions the options available in the GUI include viewing Auditing settings and the Owner of the object. Knowing the owner of and object is important because ownership confers certain inherent rights. Because the ACL Editor is the same for NTFS permissions and properties as it is for Active Directory objects you should feel comfortable with the look and feel of the interface it is exactly the same as File and Folder permissions. I also highly recommend getting familiar with the Advanced View of the ACL Editor as this is truly the view in which you can determine what is going on with permissions. The Basic view presents a list of security principals that have permissions configured but it will not always show every ACE entry. The Advanced view will show the complete picture including the scope of permissions for ACEs down to the object and even attribute level. See Also Recipe for changing an ACL and Recipe for auditing of object access Recipe Customizing the ACL Editor Problem You want to set permissions on attributes that do not show up in the default ACL Editor. Solution The ACL Editor shows only a subset of the object s attributes that permissions can be set on. These can be seen in the ACL Editor by clicking the Advanced button adding or editing a permission entry and selecting the Properties tab. An attribute can have a read permission write permission or both either of which can be set to Allow or Deny. If the .