We help IT Professionals succeed at work.

A WAY TO NOW IF SECURITY GROUP IS USED ON ACTIVE DIRECTORY

Hello,

I need to now if any tool or way exist to now if in my Active directory:

- a security group is used for any application authentification or shared folder or file?

I need to now so i can remove group not used.

thanks for help
Comment
Watch Question

Most Valuable Expert 2019
Most Valuable Expert 2018
Commented:
Well, what I just wrote in https://www.experts-exchange.com/questions/29164556/Is-there-a-way-to-know-if-an-AD-group-is-still-in-used.html#a42981250:
Basically "no", which is why it's important to use a good naming scheme and put the group's function into its description (or someplace else, wherever you document your environment).
A group can be used to assign AD permissions, NTFS permissions on a file server or any other machine, user rights (like "logon as a service") on any machine, stop or start services,  access a machine remotely, access/manage WMI, access/manage DCOM, manage printers, manage backups, manage DHCP, access certificate templates, do something based on group membership in scripts, filter GPOs, assign SQL permissions, in IIS, in DNS, manage VMs, manage AV, manage VPN logon, manage switches, in any third-party application that has its own right management; in case of a global group, it can have permissions anywhere in any trusting domain. It can be used to collect its members as a role in the organization; if it's email enabled, it can be used to access email. And probably dozens more ...