I just record who was in a group (net group command), remove all the users from it, mark it as DEPRECATED in the description, and wait.
If anyone calls up complaining, it was still in use - roll back. If a few weeks / months / years (delete as necessary for your environment) pass without issue, remove it completely. Of course, my habit of using very detailed descriptions and sticking to a "one group, one function" model tends to make sure you know exactly what the scope of each group is. Others prefer nesting, but as I have spent the last two years in a fairly small environment, I've been able to do things this way without too much administrative overhead. On 18 August 2010 20:17, Paul Hutchings <paul.hutchi...@mira.co.uk> wrote: > Is there a recommended way to determine which groups (be it Domain Local > or Global) are still in active use in a given domain? > > Ideal world Microsoft would give groups a "disable" property, but since > there isn't, other than at some point hitting "Delete" and waiting for the > phone to ring there doesn't seem any decent way to determine this. > > Thanks. > ------------------------------ > > *MIRA Ltd* > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. > Registered in England and Wales No. 402570 > VAT Registration GB 114 5409 96 > > The contents of this e-mail are confidential and are solely for the use of > the intended recipient. > If you receive this e-mail in error, please delete it and notify us either > by e-mail, telephone or fax. > You should not copy, forward or otherwise disclose the content of the > e-mail as this is prohibited. > > > > > > > > > > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~