Win 2k3 domain - listing OU permissions?

[fear_nothing]

Within a windows 2003 AD Domain, how can I list effective permissions for a domain group that has been granted right to an OU? Access was granted via native windows delegation.

It would be listing out permissions / rights such as:

List Contents
Read All Properties
Read Permissions
Create Computer Objects
Delete Computer Objects
Create Computer Policy Objects
Delete Computer Policy Objects
Read RTCUserSearchPropertySet
Read adminDisplayNAme
Read countryCode

Doing it by hand has proven to be a giant PITA.

 

[Demon10000]

1. Open Active Directory Users and Computers
2. Right click on the OU you want to check the permissions on, click properties.
3. Click the Security tab.
4. Click the Advanced button.
5. Click the Effective Permissions Tab.
6. Click the select button; enter the name of the user or group you want to check. Hit ok.

 

[fear_nothing]

Thats the PITA part I'm trying to avoid. I was hoping there was a VB script or some kind of WMI control or some other way with powershell to garner the same info.