That "option" is on the list :) But preferably towards the end of the task for the groups that fall into the "no idea at all" category.
Shareenum has provide the info on file shares so we have that data. James. From: [email protected] [mailto:[email protected]] On Behalf Of Daniel Chenault Sent: Wednesday, 18 December 2013 8:08 AM To: [email protected] Subject: RE: [NTSysADM] Auditing AD Security Group usage You could always disable the questionable groups and see who comlains. :) Perhaps a PS script to walk shares and dump the perms? ________________________________ From: [email protected]<mailto:[email protected]> To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] Auditing AD Security Group usage Date: Tue, 17 Dec 2013 21:58:41 +0000 I'm currently working in an AD environment that has been poorly documented. In particular there are a large number of security groups whose usage is unknown. We initially looked at the last modified attribute as that at least let us know about groups that are recently modified. To find what they are actually used for does not appear to be a simple task. We have used some other tools such as shareenum to check for security groups that are used for share permissions. To try and simplify the process I'm wondering if it is possible to audit where specific group membership queries are coming from? We could then investigate those devices etc individually to see what they use the security group for. Any other suggestions are welcome! James.
