[Active Directory] AD ACL Scanner Tool

Robin Grandberg from Platform PFE's in Sweden Blog has released a great tool to create reports of access control lists in Active Directory.

This tool has the following features:

•     View HTML reports of ACLs and save it to disk.
•     Export ACLs on Active Directory objects in a CSV format.
•     Connect and browse you default domain, schema , configuration or a naming context defined by distinguishedname.
•     Browse naming context by clicking you way around, either by OU’s or all types of objects.
•     Report only explicitly assigned ACLs.
•     Report on OUs , OUs and Container Objects or all object types.
•     Filter ACLs for a specific access type.. Where does “Deny” permission exists?
•     Filter ACLs for a specific identity. Where does "Domain\Client Admins" have explicit access?
•     Filter ACLs for permission on specific object. Where are permissions set on computer objects?
•     Skip default permissions (defaultSecurityDescriptor) in report. Makes it easier to find custom permissions.
•     Report owner of object.
•     Compare previous results with the current configuration and see the differences by color scheme (Green=matching permissions, Yellow= new permissions, Red= missing permissions).
•     Report when permissions were modified
•     Can use AD replication metadata when comparing.
•     Can convert a previously created CSV file to a HTML report. 

For more information : Take Control Over AD Permissions and the AD ACL Scanner Tool
The tool is available here : https://adaclscan.codeplex.com/