Identify authorization groups that are no longer used in any ACL.
What is it about?
- Objective
The main objective of this report is to identify orphaned permission groups in Active Directory (AD). Orphaned groups are those that are no longer used in any Access Control List (ACL) because the corresponding directory has been deleted or the group has been removed from the ACL.
- Background
AD cleanups should be performed at regular intervals to identify orphaned permission groups and remove unnecessary groups. This improves the clarity and security of the system.
- Functionality
The feature allows you to set a filter that limits the number of groups to be displayed. This makes it possible to identify orphaned groups specifically.
How can I search for groups?
- look for a typical part of the name, e.g. the prefix "fs_"
- a special storage location in the AD
The result is a list of all groups that are currently no longer used in any ACL. The prerequisite for this is that all ACLs are in the DB of migRaven, i.e. the directories must have been read into migRaven as a project.
Otherwise, migRaven has no directories to analyze.
Optimization of the search using strings in the search term.
If you are searching for directly authorized groups, select this form.
Remove the accounts from the AD
Direct deletion from migRaven is not possible. The objects can be exported as Excel and then used directly in a PowerShell script. If there are only a few accounts, they can also be deleted manually.
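
One way to feed the exported list into PowerShell, as an added example that is not migRaven's own script. It assumes the Excel export was saved as CSV with a `SamAccountName` column (a hypothetical column name), that the ActiveDirectory module is installed, and that `fs_*` is the same prefix used as the report filter.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param(
    [Parameter(Mandatory)] [string] $CsvPath,   # export saved as CSV (assumption)
    [string] $NameColumn  = 'SamAccountName',   # hypothetical column name
    [string] $NamePattern = 'fs_*',             # same prefix used as report filter
    [string] $LogPath     = '.\orphaned-groups-cleanup.csv'
)

# -UseCulture picks the list separator Excel used on this machine (',' or ';').
$results = foreach ($row in Import-Csv -Path $CsvPath -UseCulture) {
    $name = "$($row.$NameColumn)".Trim()
    if (-not $name) { continue }
    $entry = [ordered]@{ Name = $name; DN = ''; Members = ''; Action = '' }

    if ($name -notlike $NamePattern) {
        # Guard against a wrong or edited export: only touch the filtered groups.
        $entry.Action = 'Skipped: outside name pattern'
    }
    else {
        try {
            $g = Get-ADGroup -Identity $name -ErrorAction Stop `
                 -Properties Members, MemberOf, isCriticalSystemObject
            $entry.DN      = $g.DistinguishedName
            $entry.Members = $g.Members -join '|'   # kept so the group can be rebuilt

            if ($g.isCriticalSystemObject) {
                $entry.Action = 'Skipped: critical system object'
            }
            elseif ($g.MemberOf.Count -gt 0) {
                # Not directly in an ACL, but nested in a group that may be.
                $entry.Action = 'Review: nested in other groups'
            }
            elseif ($PSCmdlet.ShouldProcess($g.DistinguishedName, 'Remove-ADGroup')) {
                Remove-ADGroup -Identity $g -Confirm:$false -ErrorAction Stop
                $entry.Action = 'Removed'
            }
            else { $entry.Action = 'Would remove (not confirmed)' }
        }
        catch { $entry.Action = "Error: $($_.Exception.Message)" }
    }
    [pscustomobject]$entry
}

# Always write the log, even during a -WhatIf dry run.
$results | Export-Csv -Path $LogPath -NoTypeInformation -Encoding UTF8 -WhatIf:$false -Confirm:$false
$results | Group-Object Action | Select-Object Count, Name
```

Run it with `-WhatIf` first and check the log before running it without; groups marked for review are left untouched.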