searching for a group on an ACL or other object

Posted on 2011-09-07
Last Modified: 2012-05-12
We have over 500 domain groups in our AD. I feel some are doing nothing; they have members but aren't attached to any object/ACL.

Is there any way to see or search where all groups are "attached", i.e. to a directory ACL?

I think some will link to certain apps as opposed to file directories, so I assume we won't be able to find exactly where they are attached? Or would we?
Question by:pma111
Accepted Solution

by:
Mike Kline earned 1000 total points
ID: 36496160
No real tool to do that (check 100% if a group is truly being used). See this question I helped with:

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_26715278.html

Thanks

Mike
Assisted Solution

by:brwwiggins
brwwiggins earned 1000 total points
ID: 36496678
I agree with Mike.

The groups don't maintain a list of things they have access to. It's the other way around where the objects maintain the list of groups which can access that object.

You would need to dump the ACLs using some of the tools mentioned in the link above and then you can search that way.
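
The approach described in the answers above (dump the ACLs, then search them for each group), sketched in PowerShell as an added example that is not part of the original thread. It assumes the ActiveDirectory module is available and uses placeholder paths; it covers NTFS folder ACLs only, so a group it lists may still be used by an application, a proxy or through nesting in another group.

```powershell
# Added example, not from the thread. Paths and server names are placeholders.
Import-Module ActiveDirectory

$roots        = @('\\fileserver01\shares')     # hypothetical share root(s)
$aclReport    = 'C:\Temp\acl-dump.csv'         # hypothetical output files
$unusedReport = 'C:\Temp\groups-not-in-acls.csv'
$sidType      = [System.Security.Principal.SecurityIdentifier]

# 1. Dump the ACLs: one row per ACE. Inherited ACEs are skipped below the
#    root because they only repeat what the parent folder already reported.
$aces = foreach ($root in $roots) {
    $rootItem = Get-Item -LiteralPath $root
    $folders  = @($rootItem) +
        @(Get-ChildItem -LiteralPath $root -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($dir in $folders) {
        try   { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL on $($dir.FullName)"; continue }
        foreach ($ace in $acl.Access) {
            if ($ace.IsInherited -and $dir.FullName -ne $rootItem.FullName) { continue }
            # Compare by SID so renamed groups and unresolved SIDs still match.
            $sid = try { $ace.IdentityReference.Translate($sidType).Value } catch { $ace.IdentityReference.Value }
            [pscustomobject]@{
                Path     = $dir.FullName
                Identity = $ace.IdentityReference.Value
                Sid      = $sid
                Rights   = $ace.FileSystemRights
                Type     = $ace.AccessControlType
            }
        }
    }
}
$aces | Export-Csv -Path $aclReport -NoTypeInformation

# 2. Search the dump: list every domain group whose SID appears in no ACE.
#    NestedIn > 0 means the group may still get access through a parent group.
$usedSids = New-Object 'System.Collections.Generic.HashSet[string]'
foreach ($row in $aces) { [void]$usedSids.Add($row.Sid) }

Get-ADGroup -Filter * -Properties Members, MemberOf |
    Where-Object { -not $usedSids.Contains($_.SID.Value) } |
    Select-Object Name, GroupScope, GroupCategory,
        @{ n = 'MemberCount'; e = { $_.Members.Count } },
        @{ n = 'NestedIn';    e = { $_.MemberOf.Count } } |
    Sort-Object Name |
    Export-Csv -Path $unusedReport -NoTypeInformation
```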
Author Comment

by:pma111
ID: 36496709
I don't know how to word this, but for non-directory share ACLs how could one see the group? Some seem linked to proxies and apps; I assume they aren't visible via common methods, or would they be?
Author Comment

by:pma111
ID: 36502465
Anyone?