Solved

searching for a group on an ACL or other object

Posted on 2011-09-07
5
352 Views
Last Modified: 2012-05-12
We have over 500 domain groups in our AD. I feel some are doing nothing, albeit have members but arent attached to any object/ACL?

Is there anyway to see or search where all groups are "attached", i.e. to a directory ACL?

I think some will link to certain apps as opposed file directories - so I assume we wont be able to find exactly where they are attached? Or would we?
0
Comment
Question by:pma111
  • 3
5 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 36496160
No real tool to do that (check 100% if a group is truly being used).   See this question I helped with

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_26715278.html

Thanks

Mike
0
 
LVL 20

Assisted Solution

by:brwwiggins
brwwiggins earned 250 total points
ID: 36496678
I agree with Mike.

The groups don't maintain a list of things they have access to. It's the other way around where the objects maintain the list of groups which can access that object.

You would need to dump the ACLs using some of the tools mentioned in the link above and then you can search that way.
0
 
LVL 3

Author Comment

by:pma111
ID: 36496709
I don't no how to word this but for non directory share acl's how could one see the group? Some seem linked to proxies and apps I assume they aren't visible via common methods or would they be?
0
 
LVL 3

Author Comment

by:pma111
ID: 36496723
I don't no how to word this but for non directory share acl's how could one see the group? Some seem linked to proxies and apps I assume they aren't visible via common methods or would they be?
0
 
LVL 3

Author Comment

by:pma111
ID: 36502465
anyone
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question