  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 51

large security descriptors on objects

Hi all. My question is general and comes in 2 parts. Anyone know how to view the size of AD large security descriptor objects? And I can't seem to find any decent guides on troubleshooting objects whose security descriptors are getting too large. Many thanks.
0
Jason Thomas
1 Solution
 
sAMAccountName, Sr. Systems Engineer, commented:
Can you define "large"?  I mean are you looking for "extensive/many rules in the ACL" or are you looking for "takes up a ton of memory/bloats the token"?

What kind of objects?  Users/Groups/Computers?
0
 
sAMAccountName, Sr. Systems Engineer, commented:
Just messing around with this, I was able to get some info you might find useful:

# Create a reference to the object you want to view
# (Get-ADUser and the AD: drive come from the ActiveDirectory module)
Import-Module ActiveDirectory
$MyThing = Get-ADUser johndow

# Set your location to AD so you can work with the ACL
Set-Location AD:

# Get the ACL for your thing and make a reference to it
$MyThingsAcl = Get-Acl -Path $MyThing.DistinguishedName

# View the SDDL
$MyThingsAcl.Sddl

# Get a count of how many characters are in the SDDL string
$MyThingsAcl.Sddl.Length

# Get a count of how many ACE rules you have in the ACL
# (each ACE is one parenthesised group; splitting on ")" counts one too many)
[regex]::Matches($MyThingsAcl.Sddl, '\([^)]*\)').Count

# Get a list of all the unique rules in the ACL
[regex]::Matches($MyThingsAcl.Sddl, '\([^)]*\)').Value | Sort-Object -Unique



This might be a start to help you get to something more meaningful.

If you pipe it through Get-Member, you can see all the methods and properties available to work with.

# Edit:  I updated the code sample with some comments and cleaned it up a bit
0
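The SDDL string length above is a character count, not the stored size of the descriptor. The following added example (not part of the original answer) parses an SDDL string with .NET and reports the binary size in bytes, the ACE counts, and which trustees hold the most ACEs. The function name Measure-SecurityDescriptor is hypothetical and the sample SDDL, including its SIDs and GUID, is constructed; on a domain-joined host, pass the Sddl property returned by Get-Acl instead.

```powershell
# Added example. Measure-SecurityDescriptor is a hypothetical helper name.
function Measure-SecurityDescriptor {
    param([Parameter(Mandatory = $true)][string]$Sddl)

    # Parse the SDDL text into the binary-form structure (.NET on Windows)
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl

    # Collect the DACL's ACEs; foreach simply yields nothing when there is no DACL
    $aces = @(foreach ($ace in $sd.DiscretionaryAcl) { $ace })

    # Trustees ranked by number of ACEs, with the bytes those ACEs occupy
    $byTrustee = $aces |
        Group-Object { $_.SecurityIdentifier.Value } |
        Sort-Object Count -Descending |
        Select-Object -First 5 @{ n = 'Sid'; e = { $_.Name } }, Count,
            @{ n = 'Bytes'; e = { ($_.Group | Measure-Object BinaryLength -Sum).Sum } }

    [pscustomobject]@{
        SddlChars     = $Sddl.Length        # what .Sddl.Length reports
        BinaryBytes   = $sd.BinaryLength    # size of the descriptor in binary form
        DaclAces      = $aces.Count
        ExplicitAces  = @($aces | Where-Object { -not $_.IsInherited }).Count
        InheritedAces = @($aces | Where-Object { $_.IsInherited }).Count
        TopTrustees   = $byTrustee
    }
}

# Constructed sample SDDL: the domain SIDs and the object GUID are made up
$sample = 'O:BAG:BAD:AI' +
    '(A;;GA;;;SY)' +
    '(A;CI;LCRPRC;;;AU)' +
    '(OA;;RPWP;11111111-2222-3333-4444-555555555555;;S-1-5-21-1111111111-2222222222-3333333333-1104)' +
    '(OA;CIID;RP;11111111-2222-3333-4444-555555555555;;S-1-5-21-1111111111-2222222222-3333333333-1104)' +
    '(A;CIID;LCRPRC;;;S-1-5-21-1111111111-2222222222-3333333333-1105)'

$report = Measure-SecurityDescriptor -Sddl $sample
$report | Format-List SddlChars, BinaryBytes, DaclAces, ExplicitAces, InheritedAces
$report.TopTrustees | Format-Table -AutoSize
```

A trustee that dominates the TopTrustees table, or a high ExplicitAces count on a single object, is the first place to look when a descriptor keeps growing.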
 
Jason Thomas (Author) commented:
Hi @Sam. Firstly, sorry for not getting to you sooner; I have been away. In response to your first question, the answer is with regard to token bloat and poor performance. I am seeing conflicting views whereby some say 1800 entries on an object and others say 300 can cause issues. And second response: looks exciting, I'm going to try those one-liners tomorrow morning and report back to you.
Thank you thus far.
0
 
Jason Thomas (Author) commented:
Incredibly thorough low-level description, once again justifying the cost of the yearly subscription. Thank you.
1
Question has a verified solution.
