Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Active Directory Security Group

Posted on 2010-11-11
6
Medium Priority
?
390 Views
Last Modified: 2013-12-04
Do you know of any tool or way that will help me resolve an AD group to its Folder? Ie: I have the Active Directory Group, but the description is blank and would like to know which Folder it corresponds to.

To explain abit further: I have AD Groups that I have no idea what they do. I'm pretty sure that they are giving permissions to specific folders on the network and would like to find out which folder on the network the AD group corresponds to.

Thanks.
0
Comment
Question by:bge01
5 Comments
 
LVL 9

Expert Comment

by:x3man
ID: 34110332
0
 
LVL 2

Assisted Solution

by:gentle0000
gentle0000 earned 664 total points
ID: 34110394
Hi,

When you apply permissions to a network resource, you store the AD SID of that user or group to the NTFS File System of the machine which has the specific network resource. (i.e. Share Folder).

There is nowhere on the AD Database where it is stored where that SID was used and if you think it well there is no reason that it should be, because that information wouldn't be accurate.

So the answer to your question is that there is no way to find that kind of information with that way.
You will have to try a different approach.
Try to find a program that exports the NTFS permissions and then check the groups used manually.

With Regards,

0
 
LVL 27

Accepted Solution

by:
KenMcF earned 672 total points
ID: 34110417
If this is multiple servers it will be a little hard, you could use a product like security explorer

http://www.scriptlogic.com/products/security-explorer/


Another thing you can do is change the security group to a distribution group. Find out what they loose access to, if needed you can switch back to a security group and they will get all the permissions back becuase to group will still keep the SID.
0
 
LVL 24

Assisted Solution

by:Awinish
Awinish earned 664 total points
ID: 34110612
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34700104
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question