I'd triage whether this is actually really necessary before you go and do this. 
I've had customers do this before - you have to build something to suck out the 
membership and then reload it.

Thanks,
Brian Desmond
[email protected]

w - 312.625.1438 | c - 312.731.3132

From: [email protected] [mailto:[email protected]] On 
Behalf Of Webster
Sent: Tuesday, June 18, 2013 6:17 PM
To: <[email protected]>
Subject: [NTSysADM] Finding AD groups with legacy members


Current project had a consulting group come in and do an AD Assessment.  One of 
their findings was that they have many groups with almost 5,000 members.   Most 
of the groups were created and users added pre-2003 DFL/FFL.  Their conclusion 
was the legacy members need to be removed and re-added to the groups to enable 
LVR for each group member.
Whether you or I agree with this conclusion, I have been tasked with finding 
which of their almost 24,000 groups have Legacy members.  I know I can do this:
C:\>repadmin /showobjmeta shc-dc "cn=administrators,cn=builtin,dc=shc,dc=org"

17 entries.
<snip>
21 entries.
Type             Attribute

LEGACY        member
LEGACY        member
LEGACY        member
LEGACY        member
LEGACY        member
LEGACY        member
LEGACY        member
LEGACY        member
LEGACY        member
LEGACY        member
LEGACY        member
LEGACY        member
PRESENT       member
PRESENT       member
PRESENT       member
PRESENT       member
PRESENT       member
PRESENT       member
PRESENT       member
PRESENT       member
PRESENT       member

C:\>
I could run that command 24,000 times but it would be nice to automate that.  
BUT, all the DCs are 2003 so I don't have access to using the Microsoft 
PowerShell AD stuff.  My GoogleFU is failing me and I have not found a script 
that finds AD Security groups with Legacy members.
Any hints, clues, tips or help from the peanut gallery?
Once I know all the groups with Legacy members, then my next task is the 
removing of the Legacy members and adding them back in so LVR is enabled (I did 
find a script for that).
Once that is done, I can begin the process of moving them to Server 2012 DCs 
and all those benefits.
Thanks
Carl Webster

Consultant and Citrix Technology Professional

http://www.CarlWebster.com
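One way to automate the check described in the post, as an added example that is not part of the thread and not Carl's or Brian's code: enumerate the security groups with a plain ADSI search (no Active Directory PowerShell module, so it works with 2003 DCs from a workstation that has repadmin.exe), run repadmin /showobjmeta against each group, and count the LEGACY versus PRESENT rows for the member attribute. The DC name and search base below are assumptions taken from the sample command; Get-MemberValueMetaCounts is a helper name chosen for this example.

```powershell
# Added example (not from the thread): find security groups whose "member" values are
# still LEGACY (pre-LVR) by running repadmin /showobjmeta against each group.
# Assumptions: repadmin.exe is on the PATH, PowerShell 2.0 or later, and the caller can
# read group metadata. $Dc and $SearchBase are placeholders from the post's sample command.
param(
    [string]$Dc         = 'shc-dc',          # assumption: DC to query
    [string]$SearchBase = 'DC=shc,DC=org',   # assumption: domain root to search
    [string]$OutFile    = '.\LegacyMemberGroups.csv'
)

# Count LEGACY / PRESENT / ABSENT rows for the "member" attribute in repadmin
# /showobjmeta output. Matching only the start of each row keeps the parser robust to
# the extra metadata columns repadmin prints after the attribute name.
function Get-MemberValueMetaCounts {
    param([string[]]$Lines)
    $counts = @{ LEGACY = 0; PRESENT = 0; ABSENT = 0 }
    foreach ($line in $Lines) {
        if ($line -match '^\s*(LEGACY|PRESENT|ABSENT)\s+member\b') {
            $counts[$Matches[1]]++
        }
    }
    New-Object PSObject -Property @{
        Legacy  = $counts['LEGACY']
        Present = $counts['PRESENT']
        Absent  = $counts['ABSENT']
    }
}

# Enumerate security groups (groupType bit 0x80000000) with a paged ADSI search,
# bound to the same DC that repadmin will be asked about.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$Dc/$SearchBase"
$searcher.Filter = '(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))'
$searcher.PageSize = 1000
[void]$searcher.PropertiesToLoad.Add('distinguishedName')

$report = @()
foreach ($result in $searcher.FindAll()) {
    $dn = [string]$result.Properties['distinguishedname'][0]
    # repadmin prints text; capture stderr too so a failed lookup is not silently skipped.
    $output = & repadmin /showobjmeta $Dc $dn 2>&1 | ForEach-Object { $_.ToString() }
    $meta = Get-MemberValueMetaCounts -Lines $output
    if ($meta.Legacy -gt 0) {
        $report += New-Object PSObject -Property @{
            Group         = $dn
            LegacyMembers = $meta.Legacy
            LVRMembers    = $meta.Present
        }
    }
}

$report |
    Sort-Object LegacyMembers -Descending |
    Select-Object Group, LegacyMembers, LVRMembers |
    Export-Csv -Path $OutFile -NoTypeInformation
Write-Host ("{0} group(s) with LEGACY member values written to {1}" -f $report.Count, $OutFile)
```

Run it as `.\Find-LegacyMembers.ps1 -Dc <dc> -SearchBase <domain DN>` from a machine with the support tools installed. It issues one repadmin call per group, so against roughly 24,000 groups it is slow and should be scheduled for a quiet period; the CSV it produces is the input for the remove-and-re-add step, and re-running it afterwards (expecting zero LEGACY rows) is a cheap way to confirm that step actually converted every value.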
