Thanks for replying.
You say that it is normal that the sid still remains in file & directory ACLs
after the deletion of the corresponding group ??
I always thought that sids *HAVE TO* disapear dynamically on all existing
ACLs set on file server.
I'm a bit surprise that the system (AD<->file server) leave this dirty sid
and that there is no synchronisation that updates the "link" between the AD
object and the ACE....
What is the reason ? could this behavior be altering ?
I'd like sid disappears after deletion of the corresponding group in AD in
order to not have this dirty SIDs...
Thanks.
Yann
"Akomolafe, Deji" <[EMAIL PROTECTED]> a écrit :
It's "normal". You should be permissioning your resources with groups
instead of directly with user accounts. Groups tend to last longer, so you
don't have to deal with the horrible SIDs.
Sincerely,
_____
(, / | /) /) /)
/---| (/_ ______ ___// _ // _
) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
Microsoft MVP - Directory Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday?
-anon
---------------------------------
From: Yann
Sent: Thu 1/4/2007 1:52 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] SID Deleted users remains in NTS permission.
Hello all & Happy new year ! :)
AD 2k3 sp1 in FFL mode.
When i delete a user or group from AD, and these objects have permissions on
ntfs permissions, i usually see their sids remaining in those file & directory
ACLs.
Is this normal ? If not,what could be the reason(s) & how to investigate this
issue ?
Thanks,
Yann
__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible
contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail
__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible
contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail
