Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

searching for a group on an ACL or other object

Posted on 2011-09-07
5
Medium Priority
?
368 Views
Last Modified: 2012-05-12
We have over 500 domain groups in our AD. I feel some are doing nothing, albeit have members but arent attached to any object/ACL?

Is there anyway to see or search where all groups are "attached", i.e. to a directory ACL?

I think some will link to certain apps as opposed file directories - so I assume we wont be able to find exactly where they are attached? Or would we?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1000 total points
ID: 36496160
No real tool to do that (check 100% if a group is truly being used).   See this question I helped with

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_26715278.html

Thanks

Mike
0
 
LVL 20

Assisted Solution

by:brwwiggins
brwwiggins earned 1000 total points
ID: 36496678
I agree with Mike.

The groups don't maintain a list of things they have access to. It's the other way around where the objects maintain the list of groups which can access that object.

You would need to dump the ACLs using some of the tools mentioned in the link above and then you can search that way.
0
 
LVL 3

Author Comment

by:pma111
ID: 36496709
I don't no how to word this but for non directory share acl's how could one see the group? Some seem linked to proxies and apps I assume they aren't visible via common methods or would they be?
0
 
LVL 3

Author Comment

by:pma111
ID: 36496723
I don't no how to word this but for non directory share acl's how could one see the group? Some seem linked to proxies and apps I assume they aren't visible via common methods or would they be?
0
 
LVL 3

Author Comment

by:pma111
ID: 36502465
anyone
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question