It is extremely difficult to uncover the security implications of the many permissions configured in a large Active Directory (AD) environment. So, I have created a tool called ImproHound to help with that. ImproHound will identifying AD attack paths breaking the AD tier model using the awesomeness of BloodHound. It is available on GitHub including source code, install instructions, and usage guide: https://github.com/improsec/ImproHound
The blogpost explains the motivation for creating ImproHound and what I hope the tool can do for you.