Broadsound
asked on
Find out where security groups are being used
My organization has about 150 security groups setup in active directory (the previous IT guy had a lot of free time). There are only about 40 users in our organization and all of these users are members of multiple groups. I suspect that many of these groups are not even being used for anything right now.
Is there an easy way to find out which directory permissions a group has been added to?
Also, if anyone has any advice as to the simplest way to start cutting down the number of groups, that would be much appreciated (I know that this is hard to do without some knowledge of my organization, but any general advice would be great).
Thanks in advance.
Is there an easy way to find out which directory permissions a group has been added to?
Also, if anyone has any advice as to the simplest way to start cutting down the number of groups, that would be much appreciated (I know that this is hard to do without some knowledge of my organization, but any general advice would be great).
Thanks in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thanks for the grade. Glad I could help out. Good luck.
For example: folder e:\Purchasing would have 2 security Groups only Purchasing and Purchasing RO.
When you start putting different Security Groups or even worse individual users on sub folders you lose control.
So if a member of Sales needs access but not read write to Purchasing they get Purchasing RO.
Or if you want to divide it up you can have Purchasing and Purchasing MGMT or whatever.
Also each Security Group has an Owner that is place in Description and their permission is needed to add a user, normally the department manager.
Sounds like you have your work cut out for you.