none
inactive groups in Active Directory

    Question

  • /Need a way to find the list of inactive user groups(Security) in AD, for a cleanup. How can I find it
    Wednesday, March 25, 2015 5:59 AM

Answers

  • > /Need a way to find the list of inactive user groups(Security) in AD,
    > for a cleanup. How can I find it
     
    You cannot. Groups are not "active" in the way a user or computer is
    active. You don't know which user needs which group memberships because
    you don't know in which ACL a given group was/is used.
     
    So you need to scan all your file servers, print servers, SQL and
    Sharepoint servers, Exchange and Web servers and collect an inventory of
    all groups used in any ACL found. After that you can justify if a group
    is required or not :)
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Wednesday, March 25, 2015 8:26 AM

All replies