I have inherited an AD that has a ton of Security groups defined that are causing the overview of what is used to allow who access to what is very difficult to get to grips with.
Is it possible to query a tool with a file/folder and a username, and have returned the group membership that is used to give access to the file? Even better would be if the tool showed through which following membership access was granted...
The Security groups are sometimes 6-7 memberships deep, and that is not a practicable way of using them to control accessibilty... not in my book anyway.
Apologies if my english gets convoluted, I'm not so good at describing technical issues in english.