|
Another might be to check where the groups
are being used. If they’re used to secure file/print type resources and/or
AD resources then they may be discovered using a decent reporting tool, i.e
check if group X is used in AD anywhere, or is present on THAT server. You could
explore this via scripts or use third party reporting tools that support ACL
level reporting From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of GRILLENMEIER,GUIDO
(HP-Germany,ex1) delete one by one and see who screems ;-) or go through a terrible audit of your
whole IT environment to see which groups are used on which resoures on any
joined or trusted part of your AD infrastructure. Welcome to the
downsides of the DACL (Discretionary Access Control List) model, where any
owner controls ACLs on his objects => I sure hope that MS is able to
keep to their plans to try to replace DACL with RBAC (Role Based Access
Control) in future OSs - but they have a long way to go (won't even try to
imaging the compatibility issues...). /Guido From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Is there a way that I can see
what groups are not used anymore in AD. |
- [ActiveDir] AD Groups Philadelphia, Lynden - Revios Toronto
- RE: [ActiveDir] AD Groups GRILLENMEIER,GUIDO (HP-Germany,ex1)
- RE: [ActiveDir] AD Groups Nicolas Blank
- RE: [ActiveDir] AD Groups GRILLENMEIER,GUIDO (HP-Germany,ex1)
- RE: [ActiveDir] AD Groups GRILLENMEIER,GUIDO (HP-Germany,ex1)
