Enum ACL All users

Get-ObjectAcl -SamAccountName "users" -ResolveGUIDs  | select IdentityReference, ActiveDirectoryRights

Enum ACL For DC

Get-ObjectAcl -SamAccountName "Domain Admins" -ResolveGUIDs | select ObjectDN, ActiveDirectoryRights

Enum ACL's For All GPO's

Get-NetGPO | %{Get-ObjectAcl -ResolveGUIDs -Name $_.Name}

Checking For mody rights/permissions For RDPUsers

Invoke-ACLScanner -ResolveGUIDs | ?{$_.IdentityReference -match "RDPUsers"}

Resources

Abusing Active Directory ACLs/ACEs