We have some 4-5000 groups in our Active Directory environment. We would like to set up a quarterly review process to ensure that the people within these groups still indeed need that access (this is an IT Security driven project). Any advice on how to tackle this?
1) Our first hurdle is to identify owners for each group.
Any recommendations? Right now our thoughts are to have a standard string that we can search with a script in the description field, and parse out a username from it.
2) Once we have a standard and automatic process for identifying the owner, how do we go about getting the relevant information (group name and users in the group) to the owners for review? Right now we are thinking a PowerShell script could perform this function: grab the group name, the members, identify the owner, compile a spreadsheet, and then email the spreadsheet to the owner.
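
The workflow described in the post, sketched as an added example (not the poster's script). It assumes the RSAT ActiveDirectory module, a hypothetical description tag of the form `Owner:<sAMAccountName>`, and placeholder SMTP and sender values; groups whose tag is missing, stale or names a disabled account go to a separate list instead of being mailed.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Assumptions: description tag "Owner:<sAMAccountName>" (hypothetical
# convention), placeholder SMTP relay and sender, output written under %TEMP%.
$OwnerTag   = 'Owner:\s*(?<sam>[\w.\-]+)'   # class excludes quotes, so the match is safe inside -Filter
$OutDir     = Join-Path $env:TEMP 'GroupReview'
$SmtpServer = 'smtp.example.com'            # placeholder
$From       = 'group-review@example.com'    # placeholder
$SendMail   = $false                        # dry run: write the CSVs, send nothing

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$rows    = New-Object System.Collections.Generic.List[object]
$skipped = New-Object System.Collections.Generic.List[object]

foreach ($g in Get-ADGroup -Filter * -Properties Description) {
    $owner = $null
    if ($g.Description -match $OwnerTag) {
        # The tag can outlive the account it names, so resolve it instead of trusting it
        $owner = Get-ADUser -Filter "SamAccountName -eq '$($Matches.sam)'" -Properties EmailAddress
    }
    if (-not $owner -or -not $owner.Enabled -or -not $owner.EmailAddress) {
        $skipped.Add([pscustomobject]@{ Group = $g.Name; Reason = 'No valid owner'; Description = $g.Description })
        continue
    }
    try   { $members = @(Get-ADGroupMember -Identity $g -Recursive -ErrorAction Stop) }
    catch { $skipped.Add([pscustomobject]@{ Group = $g.Name; Reason = "Enumeration failed: $_"; Description = $g.Description }); continue }
    foreach ($m in $members) {
        $rows.Add([pscustomobject]@{
            OwnerMail = $owner.EmailAddress; Group = $g.Name
            Member = $m.SamAccountName; MemberName = $m.Name; Type = $m.objectClass
            'Keep (Y/N)' = ''
        })
    }
}

# One CSV per owner, covering every group that owner is tagged on
foreach ($batch in $rows | Group-Object OwnerMail) {
    $csv = Join-Path $OutDir ("{0}.csv" -f ($batch.Name -replace '[^\w.@-]', '_'))
    $batch.Group | Select-Object Group, Member, MemberName, Type, 'Keep (Y/N)' |
        Export-Csv -Path $csv -NoTypeInformation
    if ($SendMail) {
        $mail = @{ SmtpServer = $SmtpServer; From = $From; To = $batch.Name; Attachments = $csv
                   Subject = 'Quarterly group membership review'
                   Body = 'Mark each row Y or N in the attached sheet and reply to this message.' }
        Send-MailMessage @mail
    }
}
# Groups nobody can be asked about are the security team's own worklist
$skipped | Export-Csv -Path (Join-Path $OutDir '_needs_owner.csv') -NoTypeInformation
```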