Delegating privilege to a user in Active Directory can be risky for a number of reasons. Cases of users being granted privileges that they don’t need, and subsequently abusing those privileges, have been on the rise. Giving privileges access to large numbers of users can be very problematic – leading to unauthorised access of sensitive data that can be used for malicious purposes. However, delegating privileges to users is necessary to allow them to complete certain tasks, so there’s no way around this. Here are some simple things you can do to secure Active Directory whilst delegating privileges to users. click here to read our blog.
If you want an automated way of tracking current permissions and permission changes then take a free trial of LepideAuditor for Active Directory. This solution will display all historical permission changes between two specified date/time intervals as well as showing all permissions to an object and comparing those permissions between two dates.