0 votes

Hello All

We have a question in regards to checking the Active Directory forest for currently active groups. With the automation process begininning for adding groups to each person based on their jobCode, we need to weed out the groups that don't actually control anything anymore. We are looking for a suggestion, script or tool on how to accomplish this so we can weed out the groups that do not control anything.

Thank you

by (3.2k points)
0

Hello,

Could you specify exactly which groups should be deleted? How do we define that a group is inactive?

0

Our AD structure has been in place for many years and many incarnations of Admins before me. We know we have a few group (Office or internet) that were created way back when and no longer control anything in our environment. We are looking to discontinue using these groups and wanted to find all the groups that have been orphaned and no longer control anything.

0

Hello,

find all the groups that have been orphaned and no longer control anything

How exactly do you define these groups? Are these groups that have no Security Roles assigned?

As a solution, you can delete all the groups created more than a certain number of days ago. Does it meet your needs?

0

Sorry, that would not meet our needs. We need to be able to verify without breaking the entire organization, that groups that do not control anything can be disabled and then turned off. We were looking to see if we had a way to check for groups to be "called" upon in AD.

0

Hello,

Sorry, but we don't quite get which groups you want to delete? There is no such notion as 'active' or 'inactive' groups in AD, so you need to define it yourself. Maybe, you are searching for a way to clean up groups without any members in them? What are the criteria? Please explain.

0

Ok, we are gong a different way to test "active"groups. Sorry for any confusion.

Please log in or register to answer this question.

Related questions

0 votes
1 answer

We are in the process of updating our Active Directory Domain Controllers to server 2022 and the Domain/Forest function level. Our concern is that we still have Adaxes ... version of Windows server for our DCs and the Domain/Forest function level of 2016?

asked Oct 11, 2023 by sphoeinix (20 points)
0 votes
1 answer

Hi we are trying to add users to a group based on the values of their "Office" and "Description" attributes within Active Directory. We have populated the below ... $Context.LogMessage("No matching criteria found for User $($Context.TargetObject.Name).") }

asked Sep 18, 2023 by Loopy8822 (20 points)
0 votes
1 answer

We manage employee user accounts in our on-premise Active Directory and synchronize them to Azure Active Directory using Azure AD Connect. We'd like to be able to generate ... if this is possible so we can easily identify user accounts that are truly inactive.

asked May 9, 2023 by RickWaukCo (320 points)
0 votes
1 answer

I want to make a custom field in which you can select a person from the active directory, is this possible? For example, as in the field manager

asked Nov 18, 2022 by Alvares (100 points)
0 votes
1 answer

I am working with Adaxes for the first time. Looking to set up the service account so it can actually make changes to AD not just to register the Adaxes Service. I would rather ... the Adaxes service. What I am unable to do is have adaxes make changes to AD.

asked Sep 21, 2022 by mightycabal (1.0k points)
3,326 questions
3,026 answers
7,727 comments
544,678 users