This is simply not doable without touching every single machine in the domain
and inspecting all manner of ACL'able resources.
Thanks,
Brian Desmond
br...@briandesmond.com
c - 312.731.3132
Active Directory, 4th Ed - http://www.briandesmond.com/ad4/
Microsoft MVP - https://mvp.support.microsoft.
Subject: RE: AD groups search to find out where group is all applied in
domain
One of my clients has something called "Varonis" that tracks security
changes to file systems. They like it because it allows them (among the
security changes) to see when a user has, for example, picked up a
m, I'm not involved with their file management, but
it might be something to look at. I have no idea how good/bad/etc. it is.
From: Sherry Abercrombie [saber...@gmail.com]
Sent: Thursday, May 14, 2009 8:48 AM
To: NT System Admin Issues
Subject: Re: AD groups sea
You might take a look at Sysinternals. There might be some utilities there
that could accomplish what you want.I'm thinking maybe ShareEnum might
be a possibility..
On Wed, May 13, 2009 at 7:50 PM, Kurt Buff wrote:
> On Wed, May 13, 2009 at 04:43, Bill K wrote:
> > I have AD groups I
On Wed, May 13, 2009 at 04:43, Bill K wrote:
> I have AD groups I would like to do a "reverse lookup"
> to find out all the servers/shares that the group
> is applied on within the domain.
>
> This would be a great tool for finding out what legacy
> AD groups give access to if it was never documen
ARS does it but it's expensive in terms of monetary resources J
From: Michael B. Smith [mailto:mich...@owa.smithcons.com]
Sent: Wednesday, May 13, 2009 3:33 PM
To: NT System Admin Issues
Subject: RE: AD groups search to find out where group is all applied in
domain
It could be wr
It could be written...but it would be "expensive" in terms of processing
resources.
From: James Rankin [kz2...@googlemail.com]
Sent: Wednesday, May 13, 2009 7:54 AM
To: NT System Admin Issues
Subject: Re: AD groups search to find out where group is all
If such a tool exists, I sure would have liked to have had it when I worked
for Quantum :-)
You could maybe try using the command-line version of dumpsec.exe to drop a
permissions report on a list of fileservers and pull out those entries with
a specified group name, but it would probably take a *