Get-ObjectAcl

# List the ACEs set on one account, i.e. which other principals hold rights over it.
# -ResolveGUIDs translates right/property GUIDs into readable names.
Get-ObjectAcl -SamAccountName <username> -ResolveGUIDs

# Sweep the named domain for the ACEs that Find-InterestingDomainAcl reports.
Find-InterestingDomainAcl -ResolveGUIDs -Domain newyork.local

# Same sweep without -Domain, kept only where the trustee matches "RDPUsers".
# -match is a case-insensitive regex, so every IdentityReference containing that
# string is kept, not just an exact name.
Find-InterestingDomainAcl -ResolveGUIDs | Where-Object { $_.IdentityReference -match "RDPUsers" }

# For every non-group member of "Administrators" (nested groups expanded by -Recurse),
# show which principals hold which rights over that member's account.
Get-NetGroupMember -GroupName "Administrators" -Recurse |
    Where-Object { $_.IsGroup -match "false" } |
    ForEach-Object { Get-ObjectACL -SamAccountName $_.MemberName -ResolveGUIDs } |
    Select-Object ObjectDN, IdentityReference, ActiveDirectoryRights

  # Keep only the ACEs on this account whose rights include GenericWrite.
  # NOTE(review): the filter matches that one right name only; an ACL audit would
  # normally also review GenericAll, WriteDacl, WriteOwner and WriteProperty entries.
  Get-ObjectAcl -SamAccountName ramon.maldonado -ResolveGUIDs -Domain newyork.local |
      Where-Object { $_.ActiveDirectoryRights -match 'GenericWrite' }


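# Translate a SID (for example the trustee shown in an ACE) into its account name.
# -Domain takes the full domain name as a single argument on the same line.
ConvertFrom-SID -ObjectSid S-1-5-21-1209695003-1472128694-59720954-1114 -Domain newyork.local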


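# Get the ACLs associated with the specified object.
# The parameter uses an ASCII hyphen; a typographic dash can break when the
# line is pasted into another host or the file is re-encoded.
Get-ObjectAcl -SamAccountName elena.lopez -ResolveGUIDs


# Get the ACLs of objects under the given ADS prefix, which is used for the search
# (here the Administrator object in the Users container).
# -Verbose prints the cmdlet's progress messages.
Get-ObjectAcl -ADSprefix 'CN=Administrator,CN=Users' -Verbose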


# Search the domain for interesting ACEs.
# NOTE(review): Invoke-ACLScanner appears to be the older PowerView name for
# Find-InterestingDomainAcl; use whichever name the loaded version exports.
Invoke-ACLScanner -ResolveGUIDs


# Same scan, kept only where the trustee matches the RDPUsers group.
# -match is a regex substring test, so similarly named principals are kept too.
Invoke-ACLScanner -ResolveGUIDs | Where-Object { $_.IdentityReference -match "RDPUsers" }


# Get the ACL of the given file-system path (here the sysvol share at this UNC path).
# NOTE(review): SYSVOL is normally readable by all domain users, so any write access
# held by non-administrative principals is worth reviewing.
Get-PathAcl -Path "\\bronx.north.newyork.local\sysvol"
