Answered by:
inactive groups in Active Directory

Question
Answers
-
> /Need a way to find the list of inactive user groups(Security) in AD,> for a cleanup. How can I find itYou cannot. Groups are not "active" in the way a user or computer isactive. You don't know which user needs which group memberships becauseyou don't know in which ACL a given group was/is used.So you need to scan all your file servers, print servers, SQL andSharepoint servers, Exchange and Web servers and collect an inventory ofall groups used in any ACL found. After that you can justify if a groupis required or not :)
Greetings/Grüße, Martin
Mal ein gutes Buch über GPOs lesen?
Good or bad GPOs? - my blog…
And if IT bothers me - coke bottle design refreshment (-:- Proposed as answer by Meinolf Weber Monday, April 13, 2015 10:36 AM
- Marked as answer by Frank Shen5Moderator Wednesday, April 15, 2015 9:41 AM
All replies
-
> /Need a way to find the list of inactive user groups(Security) in AD,> for a cleanup. How can I find itYou cannot. Groups are not "active" in the way a user or computer isactive. You don't know which user needs which group memberships becauseyou don't know in which ACL a given group was/is used.So you need to scan all your file servers, print servers, SQL andSharepoint servers, Exchange and Web servers and collect an inventory ofall groups used in any ACL found. After that you can justify if a groupis required or not :)
Greetings/Grüße, Martin
Mal ein gutes Buch über GPOs lesen?
Good or bad GPOs? - my blog…
And if IT bothers me - coke bottle design refreshment (-:- Proposed as answer by Meinolf Weber Monday, April 13, 2015 10:36 AM
- Marked as answer by Frank Shen5Moderator Wednesday, April 15, 2015 9:41 AM
-
-
> How AD can understand a particular group is not being used?As I already wrote: It cannot :)
Greetings/Grüße, Martin
Mal ein gutes Buch über GPOs lesen?
Good or bad GPOs? - my blog…
And if IT bothers me - coke bottle design refreshment (-: