You can script out the permissions. There are a couple of issues with the script below (each could be fixed by modifying it):
a) you need to change the script to iterate through all objects (right now you have to hard-code the container)
b) the script doesn't write out the name of the object whose ACLs are being listed
c) for the type of permissions it gives a SID code; you might want to map this to something readable
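' Read-only report: lists every ACE in the DACL of each direct child of one
' Active Directory container and writes one tab-separated row per ACE.
'
' Error trapping stays on because reading an unset attribute (for example
' displayName) raises an error. Every step whose failure would make the
' report wrong or incomplete is checked through Err below, so a failure is
' reported instead of being silently skipped.
On Error Resume Next

'Declare all constant variables
' ACE inheritance flag
Const ADS_ACEFLAG_INHERIT_ACE = 2
' ACE types (values of AccessControlEntry.AceType)
Const ADS_ACETYPE_ACCESS_ALLOWED = 0
Const ADS_ACETYPE_ACCESS_DENIED = &H1
Const ADS_ACETYPE_SYSTEM_AUDIT = &H2
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
Const ADS_ACETYPE_SYSTEM_AUDIT_OBJECT = &H7
Const ADS_ACETYPE_SYSTEM_ALARM_OBJECT = 8
' Object-ACE flags (values of AccessControlEntry.Flags)
Const ADS_FLAG_OBJECT_TYPE_PRESENT = &H1
Const ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT = &H2
' Directory access rights (bits of AccessControlEntry.AccessMask)
Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100
Const ADS_RIGHT_DS_CREATE_CHILD = &H1
Const ADS_RIGHT_DS_WRITE_PROP = &H20
' Declared by the original script but not used by this report
Const ADS_OPTION_SECURITY_MASK = 3
Const ADS_SECURITY_INFO_DACL = 4
Const ADS_SCOPE_SUBTREE = 2

'======================================================================================================
'Main Body of Script
'======================================================================================================
Const ForWriting = 2

Dim oFSO, objReport, oContainer, oAccount, objSD, objDacl, objAce
Dim strPath, nSkipped

' The original also opened c:\AddedToMailboxGroup.xls for writing and never
' wrote to it, which truncated any existing file of that name. It is no
' longer opened. The second, unused FileSystemObject is dropped as well.
Set oFSO = CreateObject("Scripting.FileSystemObject")

' The report names who holds which rights on directory objects; keep the
' output file somewhere only administrators can read.
Set objReport = oFSO.OpenTextFile("c:\AddedToSendAsGroup.xls", ForWriting, True)
If Err.Number <> 0 Then
    WScript.Echo "Cannot open report file: " & Err.Description
    WScript.Quit 1
End If
objReport.WriteLine "Object" & vbTab & "Trustee" & vbTab & "ObjectType" & vbTab & _
    "AccessMask" & vbTab & "AceType" & vbTab & "AceTypeName"

'in the following line you need to set the ldap connection to reflect the path in AD
Set oContainer = GetObject("LDAP://ou=workstations,DC=your domain,DC=com")
If Err.Number <> 0 Then
    ' Without this check a failed bind fell through and the script still
    ' printed "Script is finished running." over an empty report.
    WScript.Echo "Cannot bind to container: " & Err.Description
    objReport.Close
    WScript.Quit 1
End If

nSkipped = 0

' For Each over a container visits its direct children only; objects in
' nested OUs are not reported.
For Each oAccount In oContainer
    strPath = oAccount.ADsPath
    WScript.Echo oAccount.displayName
    WScript.Echo oAccount.cn & " cn info"

    ' displayName or cn may be unset; discard that error so the check after
    ' the security-descriptor read reflects only that read.
    Err.Clear

    'Get the Security Info for the object
    Set objSD = oAccount.Get("ntSecurityDescriptor")
    If Err.Number <> 0 Then
        ' With error trapping on, a failed read leaves objSD pointing at the
        ' previous object's descriptor, so skip rather than report stale ACEs.
        WScript.Echo "Skipped " & strPath & ": " & Err.Description
        nSkipped = nSkipped + 1
        Err.Clear
    Else
        Set objDacl = objSD.DiscretionaryAcl

        ' The original built an allow ACE with no trustee for the Send-As
        ' extended right ({AB721A54-1E2F-11D0-9819-00AA0040529B}) and added it
        ' to this in-memory DACL before listing it. That put a row in the
        ' report that does not exist in the directory, and it would turn into
        ' a real grant if a write-back were ever added. A report must not
        ' touch the DACL, so that code is removed.
        For Each objAce In objDacl
            WScript.Echo "Ace.Trustee: " & objAce.Trustee
            ' One row per ACE, prefixed with the object it belongs to. The
            ' original wrote two rows per ACE with different column counts and
            ' no object name.
            objReport.WriteLine strPath & vbTab & objAce.Trustee & vbTab & _
                objAce.ObjectType & vbTab & objAce.AccessMask & vbTab & _
                objAce.AceType & vbTab & AceTypeName(objAce.AceType)
        Next
    End If

    WScript.Echo
    WScript.Echo
Next

objReport.Close

If nSkipped > 0 Then
    WScript.Echo nSkipped & " object(s) could not be read and are missing from the report."
End If
WScript.Echo "Script is finished running."

' Returns a readable name for a numeric AccessControlEntry.AceType value,
' or "Unknown (n)" for a value not covered by the constants declared above.
Function AceTypeName(nType)
    Select Case nType
        Case ADS_ACETYPE_ACCESS_ALLOWED
            AceTypeName = "Allow"
        Case ADS_ACETYPE_ACCESS_DENIED
            AceTypeName = "Deny"
        Case ADS_ACETYPE_SYSTEM_AUDIT
            AceTypeName = "Audit"
        Case ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
            AceTypeName = "Allow (object)"
        Case ADS_ACETYPE_ACCESS_DENIED_OBJECT
            AceTypeName = "Deny (object)"
        Case ADS_ACETYPE_SYSTEM_AUDIT_OBJECT
            AceTypeName = "Audit (object)"
        Case ADS_ACETYPE_SYSTEM_ALARM_OBJECT
            AceTypeName = "Alarm (object)"
        Case Else
            AceTypeName = "Unknown (" & nType & ")"
    End Select
End Function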