Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ActiveDirectory on Server 2008 R2


  • Please log in to reply
4 replies to this topic

#1 wojtek915

wojtek915

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 21 August 2017 - 02:52 AM

Hi,
I need cleaning  my Acitve Directory.
I have a few security group. Most of them is in useing, but a few is unused.
How to cheack, which group is used or unused on Servers.
I used these group on 6-8 servers.


BC AdBot (Login to Remove)

 


m

#2 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,031 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:02:18 PM

Posted 25 August 2017 - 01:27 PM

You can check the security group membership in Active Directory Users and Computers, you can also see if there are any Group policies being applied in the Group policy management console. 


Chad Mockensturm 

Systems and Network Engineer

Certified CompTia Network +, A +


#3 wojtek915

wojtek915
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 28 August 2017 - 04:15 AM

In Active Directory I can check only who is in group. I need to check where my group are use.  On which server are implemented.



#4 sflatechguy

sflatechguy

  • BC Advisor
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:18 PM

Posted 29 August 2017 - 08:10 AM

Any server or computer that is joined to the domain can potentially use an AD security group. For group policy, check the GP management console.

 

It sounds like you are trying to determine if groups were used to configure NTFS permissions on folders and shares. That's harder to determine -- you would need to check each server/client for the folder access permissions on each. If you're good with PowerShell, here's a link to a script that will go through all your servers/clients and check for groups and their NTFS permissions: https://blogs.technet.microsoft.com/ashleymcglone/2014/03/17/powershell-to-find-where-your-active-directory-groups-are-used-on-file-shares/



#5 JohnnyJammer

JohnnyJammer

  • Members
  • 1,101 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:05:18 AM

Posted 29 August 2017 - 04:44 PM

Personally i would use WMIC.

As the domain admin, open a dos prompt and then run the command below

 

wmic useraccount where disabled="true" get /all /format:list >> C:\DisabledUsers.txt

Simples.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users