Solved

Find unused groups in Active Directory

Posted on 2004-04-15
4
954 Views
Last Modified: 2007-12-19
Are there any utilities that search for groups in active directory that are unused and  don't have any permissions assigned to them?

W2k Server.

Thanks
0
Comment
Question by:wickednz
  • 3
4 Comments
 
LVL 3

Expert Comment

by:following
ID: 10841735
Here is a link to an excellent post about searching AD for groups that have no members:

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=uWSeykPNDHA.2408%40TK2MSFTNGP10.phx.gbl&rnum=2

Although this looks like a good place to start for you, be sure to note the limitations that are described.

Hope this helps,
-jdm
0
 
LVL 3

Expert Comment

by:following
ID: 10841793
This one may be of interest to you as well:

http://www.rlmueller.net/Document%20Domain%20Groups.htm

jdm
0
 

Author Comment

by:wickednz
ID: 10854703
Thanks - those scripts could be useful but I'm more after something that can find out if a group is used anywhere on a server - eg: having directory rights
0
 
LVL 3

Accepted Solution

by:
following earned 250 total points
ID: 10859852
Aha, I'm sorry that I misunderstood the question.  In that case, the simplest way I know of to find out if a group is used anywhere on a server:

 - Run Somarsoft's freeware DumpSec utility (formerly DumpACL) on the server
 - Use the utility's built-in search capabilities to search for instances of the groups in question
 - If you find an instance of a group listed, you will be able to see on which files/folders it is being used

DumpSec (freely downloadable from http://www.systemtools.com/somarsoft) may be used to dump the permissions for the file system, printers, registry, and shares.  If you need to dump the permissions on active directory objects, use DSACLS from the Windows 2000 Support Tools (on the server CD).  Redirect its output to a text file and use an editor such as notepad to search for the groups in question.

Hope this helps,
-jdm
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now