Title: Checking if security principal is used in an ACL on the FS

Hi,

After a migration we did, we want to clean up some security principals (mostly groups).

Situation:
* File server with data that uses AD groups for the ACLs
* AD OU structure with groups where most of them are used on the file system to protect in some manner. (the groups are not used for anything else!)

What I want to do:
* Clean up ALL unused groups

Possible unused groups that can be removed:
(1) groups with no members but used on the file system
(2) groups with members but not used anywhere on the file system

Solution for (1)
* Query AD for all empty groups from the OU structure and delete them
* Force AD replication
* Use SUBINACL to remove deleted SIDs with the option /CLEANDELETEDSIDSFROM

Solution for (2)
* Get all used SIDs used on the file system
* Get all GROUP SIDs from AD
* Extract the file system SIDs from the GROUP SIDs in AD and remove the groups that are left


Anyone got any other ideas or a tool that can do this for (2)?

PS.: It would be nice if the file system was integrated with AD like in the NDS

Cheers,
#JORGE#
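
The set difference described under "Solution for (2)", sketched in PowerShell as an added example that is not part of the original post. The OU distinguished name, the data root and the output file name are placeholders, and the sIDHistory check is an assumption about how the migration was done; the script only writes a report and deletes nothing.

```powershell
# Added example: report AD groups under an OU whose SID appears on no ACL.
# Placeholder values, replace with your own.
$GroupOU  = 'OU=FileGroups,DC=example,DC=com'
$DataRoot = 'D:\Data'

Import-Module ActiveDirectory
$sidType  = [System.Security.Principal.SecurityIdentifier]
$usedSids = New-Object 'System.Collections.Generic.HashSet[string]'

# Step 1: collect every SID used on the file system. Only explicit ACEs are
# read (inherited ones repeat what the parent already reported), plus owners.
# Asking for SIDs directly avoids name translation failing on orphaned SIDs.
& {
    Get-Item -LiteralPath $DataRoot
    Get-ChildItem -LiteralPath $DataRoot -Recurse -Force -ErrorAction SilentlyContinue
} | ForEach-Object {
    try   { $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction Stop }
    catch { Write-Warning "ACL not readable: $($_.FullName)"; return }
    foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
        [void]$usedSids.Add($ace.IdentityReference.Value)
    }
    $owner = $acl.GetOwner($sidType)
    if ($owner) { [void]$usedSids.Add($owner.Value) }
}

# Step 2: get all group SIDs from the OU structure.
$groups = Get-ADGroup -Filter * -SearchBase $GroupOU -SearchScope Subtree `
          -Properties member, memberOf, sIDHistory

# Step 3: keep the groups whose SID is not on any ACL.
# Assumption: after a migration some ACEs may still carry the old-domain SID,
# so a group also counts as used when one of its sIDHistory values is found.
$report = foreach ($g in $groups) {
    $sids = @($g.SID.Value) + @($g.SIDHistory | ForEach-Object { $_.Value })
    if (-not ($sids | Where-Object { $usedSids.Contains($_) })) {
        [pscustomobject]@{
            Name        = $g.Name
            SID         = $g.SID.Value
            MemberCount = $g.member.Count
            # A group nested in another group can still grant access through
            # the parent's ACEs, so review these by hand before removal.
            NestedIn    = ($g.memberOf -join '; ')
        }
    }
}
$report | Export-Csv -Path .\unused-group-candidates.csv -NoTypeInformation
```

Folders that produced a warning were not inspected, and share-level permissions are not covered by NTFS ACLs, so both need a separate check before any group on the report is treated as unused.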

