Dsacls Overview

Mis à jour: mars 2003

S'applique à: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Tool Location

The Dsacls command-line tool is included when you install Windows Server 2003 Support Tools from the product CD or from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=100114). For more information about how to install Windows Support Tools from the product CD, see Install Windows Support Tools (http://go.microsoft.com/fwlink/?LinkId=62270).

Dsacls.exe: DsAcls

This command-line tool displays and changes permissions (access control entries) in the access control list (ACL) of objects in Active Directory.


  • The ACEs that you add by using DsAcls must be object-specific permissions that override the default permissions defined in the Active Directory schema for that object type. Do not add ACEs unless you are well-informed about security for Active Directory objects.

Corresponding UI

DsAcls is the command-line equivalent of the Security tab in the Properties dialog box for an Active Directory object in Active Directory tools, such as Active Directory Users and Computers. You can use either tool to view and change permissions to an Active Directory object.


For more information about Active Directory, see Déploiement de Active Directory.

System Requirements

The following are the system requirements for DsAcls:

  • DsAcls runs on Windows 2000, Windows XP Professional, and Windows Server 2003.

  • To view an ACL, the user must have read permissions on Active Directory objects. To change an ACL, the user must have write permissions to the Active Directory object.

File Required

  • Dsacls.exe

Voir aussi

Ajouts de la communauté