Solved

searching for a group on an ACL or other object

Posted on 2011-09-07
5
359 Views
Last Modified: 2012-05-12
We have over 500 domain groups in our AD. I feel some are doing nothing, albeit have members but arent attached to any object/ACL?

Is there anyway to see or search where all groups are "attached", i.e. to a directory ACL?

I think some will link to certain apps as opposed file directories - so I assume we wont be able to find exactly where they are attached? Or would we?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 36496160
No real tool to do that (check 100% if a group is truly being used).   See this question I helped with

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_26715278.html

Thanks

Mike
0
 
LVL 20

Assisted Solution

by:brwwiggins
brwwiggins earned 250 total points
ID: 36496678
I agree with Mike.

The groups don't maintain a list of things they have access to. It's the other way around where the objects maintain the list of groups which can access that object.

You would need to dump the ACLs using some of the tools mentioned in the link above and then you can search that way.
0
 
LVL 3

Author Comment

by:pma111
ID: 36496709
I don't no how to word this but for non directory share acl's how could one see the group? Some seem linked to proxies and apps I assume they aren't visible via common methods or would they be?
0
 
LVL 3

Author Comment

by:pma111
ID: 36496723
I don't no how to word this but for non directory share acl's how could one see the group? Some seem linked to proxies and apps I assume they aren't visible via common methods or would they be?
0
 
LVL 3

Author Comment

by:pma111
ID: 36502465
anyone
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question