[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Find unused groups in Active Directory

Posted on 2004-04-15
4
Medium Priority
?
996 Views
Last Modified: 2007-12-19
Are there any utilities that search for groups in active directory that are unused and  don't have any permissions assigned to them?

W2k Server.

Thanks
0
Comment
Question by:wickednz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 3

Expert Comment

by:following
ID: 10841735
Here is a link to an excellent post about searching AD for groups that have no members:

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=uWSeykPNDHA.2408%40TK2MSFTNGP10.phx.gbl&rnum=2

Although this looks like a good place to start for you, be sure to note the limitations that are described.

Hope this helps,
-jdm
0
 
LVL 3

Expert Comment

by:following
ID: 10841793
This one may be of interest to you as well:

http://www.rlmueller.net/Document%20Domain%20Groups.htm

jdm
0
 

Author Comment

by:wickednz
ID: 10854703
Thanks - those scripts could be useful but I'm more after something that can find out if a group is used anywhere on a server - eg: having directory rights
0
 
LVL 3

Accepted Solution

by:
following earned 1000 total points
ID: 10859852
Aha, I'm sorry that I misunderstood the question.  In that case, the simplest way I know of to find out if a group is used anywhere on a server:

 - Run Somarsoft's freeware DumpSec utility (formerly DumpACL) on the server
 - Use the utility's built-in search capabilities to search for instances of the groups in question
 - If you find an instance of a group listed, you will be able to see on which files/folders it is being used

DumpSec (freely downloadable from http://www.systemtools.com/somarsoft) may be used to dump the permissions for the file system, printers, registry, and shares.  If you need to dump the permissions on active directory objects, use DSACLS from the Windows 2000 Support Tools (on the server CD).  Redirect its output to a text file and use an editor such as notepad to search for the groups in question.

Hope this helps,
-jdm
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question