Goatee PFE

Blog of Microsoft Premier Field Engineer Ashley McGlone featuring PowerShell scripts for Active Directory.

March, 2014

  • PowerShell to Find Where Your Active Directory Groups Are Used On File Shares

    Today's post gives you a script to crawl your file shares and document the AD users and groups referenced in NTFS permissions.  I’m sure others have published similar scripts, but I want to approach it from the angle of Active Directory group cleanup. Using this output together with the script from my last post will give you plenty of insight to go after stale groups.

    Finish this familiar quote, “I can’t delete that group, because ______________ .”  Multiple choice:

    • “I have no idea where it is used.”
    • “The last admin told me to never delete that group.”
    • “That is how the leprechauns get access.”
    • All of the above.

    What would we do without file shares? Well, actually, we would use SharePoint or OneDrive. The truth is that file shares have been around for decades, and in most cases mission-critical data resides there. But who can access that data? That is the big question, and many of us cannot give a complete answer.

  • Using PowerShell to Find Stale and Duplicate Active Directory Groups

    I have often told customers…

    “Most companies clean up stale users,
    a few companies clean up stale computers,
    but no one cleans up stale groups.”

    Generally it is easy enough to tell if a computer or user account is stale, but how do we do that for groups?  Today’s post is going to give you some reports to analyze group staleness, population, and duplication.