I’m not aware of an automated process for this. You might be able to use this tool https://adaclscan.codeplex.com/ to compile a report and then you could go clean them up. You’ll want to evaluate the Domain and Config NCs.
Thanks, Brian Desmond (w) 312.625.1438 | (c) 312.731.3132 From: [email protected] [mailto:[email protected]] On Behalf Of Charles F Sullivan Sent: Wednesday, January 20, 2016 7:10 AM To: [email protected] Subject: [NTSysADM] Exchange Retired, ACEs Haven't Is there anyone here with experience retiring an Exchange organization? We moved off of it a year ago and someone from my group was recently finally allowed to retire the servers. I was disappointed to find that the huge number of entries that Exchange adds to ACLs on AD objects were not removed. I have never been involved in completely retiring Exchange, but I had guessed that these ACEs would be removed in the process. I know there are ways to get rid of these manually, but was I guessing wrong that the process would be automatic when properly retiring Exchange? I didn’t find anything in a very quick Google search. Charlie Sullivan Sr. Windows Systems Administrator
