Here's the scenario. I have an Windows 2003 Active Directory security group that was created in 2007, and no one remembers what it is for. Is is possible to find out what permissions in our AD implementation are assigned to this group? (Is it controlling folder permissions, is used to delegate user creation, is it doing nothing?)
We're using Windows 2003 as the AD controllers. The AD controllers are also the root DFS servers, but we're using Openfiler to server the actual SMB/CIFS shares.
The group isn't a member of anything, and the only people in the group at part of the IT staff. I tried accesschk from the sysinternals toolset, but it's not being helpful. Are there any other tools I should look at?
Best Answer
If there are not too many people in that group, just deactivate that group and see what happens. It helps to tell anybody in that group what you are doing, so you can quickly investigate when something doesn't work anymore. Don't do that on your last day before you go on vacation. ;)
The assumption is that you don't user user accounts (from you staff) for automated processes.