Unfortunately, it's far more complicated than that.

You have to walk:
               Shares
               Servers (each volume)
               Exchange
               SQL
               SharePoint
               BizTalk
               IIS
               AD

And any number of non-Microsoft products (and I'm sure I've left out some MSFT 
products where this is important).

From: [email protected] [mailto:[email protected]] On 
Behalf Of Daniel Chenault
Sent: Tuesday, December 17, 2013 5:08 PM
To: [email protected]
Subject: RE: [NTSysADM] Auditing AD Security Group usage

You could always disable the questionable groups and see who complains. :)

Perhaps a PS script to walk shares and dump the perms?
________________________________
From: [email protected]<mailto:[email protected]>
To: [email protected]<mailto:[email protected]>
Subject: [NTSysADM] Auditing AD Security Group usage
Date: Tue, 17 Dec 2013 21:58:41 +0000
I'm currently working in an AD environment that has been poorly documented.  In 
particular there are a large number of security groups whose usage is unknown.

We initially looked at the last modified attribute as that at least let us know 
about groups that are recently modified.  To find what they are actually used 
for does not appear to be a simple task.  We have used some other tools such as 
shareenum to check for security groups that are used for share permissions.

To try and simplify the process I'm wondering if it is possible to audit where 
specific group membership queries are coming from?  We could then investigate 
those devices etc individually to see what they use the security group for.

Any other suggestions are welcome!

James.
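
An added sketch of the "PS script to walk shares and dump the perms" idea from the thread (not code posted by any participant): it reports where the named groups appear in share-level permissions and in the NTFS ACL of each share root. The server names, group names and output path are hypothetical, and it assumes the file servers run Windows Server 2012 or later so that the SmbShare cmdlets work over a CIM session. It covers only the shares item of the list above, not Exchange, SQL, SharePoint, IIS or AD delegations.

```powershell
# Added example: server names, group names and output path are placeholders.
$Servers = @('FS01', 'FS02')                      # hypothetical file servers
$Groups  = @('CONTOSO\Legacy-Finance',            # hypothetical groups whose
             'CONTOSO\Old-Projects')              # usage is unknown

$results = foreach ($server in $Servers) {
    try {
        $session = New-CimSession -ComputerName $server -ErrorAction Stop
    } catch {
        Write-Warning "Cannot connect to ${server}: $_"
        continue
    }

    # Skip the built-in administrative shares (ADMIN$, C$, IPC$).
    foreach ($share in Get-SmbShare -CimSession $session -Special $false) {

        # Layer 1: share-level permissions.
        Get-SmbShareAccess -CimSession $session -Name $share.Name |
            Where-Object { $Groups -contains $_.AccountName } |
            ForEach-Object {
                [pscustomobject]@{
                    Server = $server; Share = $share.Name; Layer = 'Share'
                    Group  = $_.AccountName; Rights = $_.AccessRight
                    Type   = $_.AccessControlType; Inherited = $null
                }
            }

        # Layer 2: NTFS ACL on the share root only. Subfolders with broken
        # inheritance are not visited here; recursing would need Get-ChildItem.
        $unc = "\\$server\$($share.Name)"
        try {
            (Get-Acl -LiteralPath $unc -ErrorAction Stop).Access |
                Where-Object { $Groups -contains $_.IdentityReference.Value } |
                ForEach-Object {
                    [pscustomobject]@{
                        Server = $server; Share = $share.Name; Layer = 'NTFS'
                        Group  = $_.IdentityReference.Value
                        Rights = $_.FileSystemRights
                        Type   = $_.AccessControlType; Inherited = $_.IsInherited
                    }
                }
        } catch {
            Write-Warning "Cannot read ACL on ${unc}: $_"
        }
    }
    Remove-CimSession -CimSession $session
}

$results | Export-Csv -Path .\group-share-usage.csv -NoTypeInformation
```

A group that never shows up in the CSV may still be in use elsewhere, so an empty result is not evidence that the group is unused.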
