Solved

searching for a group on an ACL or other object

Posted on 2011-09-07
5
347 Views
Last Modified: 2012-05-12
We have over 500 domain groups in our AD. I feel some are doing nothing, albeit have members but arent attached to any object/ACL?

Is there anyway to see or search where all groups are "attached", i.e. to a directory ACL?

I think some will link to certain apps as opposed file directories - so I assume we wont be able to find exactly where they are attached? Or would we?
0
Comment
Question by:pma111
  • 3
5 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 36496160
No real tool to do that (check 100% if a group is truly being used).   See this question I helped with

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_26715278.html

Thanks

Mike
0
 
LVL 20

Assisted Solution

by:brwwiggins
brwwiggins earned 250 total points
ID: 36496678
I agree with Mike.

The groups don't maintain a list of things they have access to. It's the other way around where the objects maintain the list of groups which can access that object.

You would need to dump the ACLs using some of the tools mentioned in the link above and then you can search that way.
0
 
LVL 3

Author Comment

by:pma111
ID: 36496709
I don't no how to word this but for non directory share acl's how could one see the group? Some seem linked to proxies and apps I assume they aren't visible via common methods or would they be?
0
 
LVL 3

Author Comment

by:pma111
ID: 36496723
I don't no how to word this but for non directory share acl's how could one see the group? Some seem linked to proxies and apps I assume they aren't visible via common methods or would they be?
0
 
LVL 3

Author Comment

by:pma111
ID: 36502465
anyone
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
User Being Logged Out of AD 6 68
AD and Exchnage 2010 Photos 3 42
Active Directory Replication has stopped Error 8606 34 43
active directory 6 13
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question