RE: [ActiveDir] AD Groups

[GRILLENMEIER,GUIDO (HP-Germany,ex1)]

delete one by one and see who screems ;-)   or go through a terrible audit of your whole IT environment to see which groups are used on which resoures on any joined or trusted part of your AD infrastructure.  Welcome to the downsides of the DACL (Discretionary Access Control List) model, where any owner controls ACLs on his objects => I sure hope that MS is able to keep to their plans to try to replace DACL with RBAC (Role Based Access Control) in future OSs - but they have a long way to go (won't even try to imaging the compatibility issues...).   /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philadelphia, Lynden - Revios Toronto Sent: Mittwoch, 10. M�rz 2004 19:35 To: '[EMAIL PROTECTED]' Subject: [ActiveDir] AD Groups Is there a way that I can see what groups are not used anymore in AD.