I'm searching for a lightweight tool or command-line interface (CLI) program that can help me identify authorized Active Directory (AD) users or groups linked to a standard Windows Server. The issue I'm facing is that when decommissioning a server, there can be AD users or groups buried within system programs or configurations that go unnoticed. I want to pinpoint and eventually remove these to avoid leaving behind 'zombie' objects in AD. Is there a better way to tackle this? As far as I know, Windows AD doesn't show a 'last used' timestamp for these kinds of dependencies. I'm attempting to build my own script to scan different system elements, but it's turning out to be quite laborious, especially with registry entries and NTFS permissions. Any suggestions would be greatly appreciated!
2 Answers
Have you thought about failing over to another Domain Controller (DC) before powering down the server? If after shutting down, you get a lot of complaints from users, you’ll know for sure what was reliant on it.
Just a heads up, if you plan to follow through with shutting it down, make sure to stick to your change management process. You don’t want any surprises! 😄 If that server seems out of use, you might even consider turning it off temporarily to see if anyone notices. It's a good way to gauge if it's actually still being used!
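
One way to script the inventory the question describes, as an added example that is not code from the question or either answer: it lists domain principals found in local group membership, service logon accounts, scheduled task principals and explicit NTFS ACL entries (registry ACLs are not covered). The `$ScanRoot` default and the `Add-Finding` helper are assumptions for illustration.

```powershell
# Added example: list domain principals referenced on this server. Run elevated.
param(
    [string]$ScanRoot = 'D:\Shares',     # assumption: folder tree whose ACLs matter
    [string]$Domain   = $env:USERDOMAIN  # NetBIOS name; pass explicitly if logged on locally
)

$prefix = "$Domain\"
$found  = [System.Collections.Generic.List[object]]::new()

function Add-Finding {                   # hypothetical helper, collects one result row
    param($Source, $Location, $Principal)
    $found.Add([pscustomobject]@{ Source = $Source; Location = $Location; Principal = $Principal })
}

# 1. Domain users and groups nested in local groups
foreach ($group in Get-LocalGroup) {
    try {
        Get-LocalGroupMember -Name $group.Name -ErrorAction Stop |
            Where-Object { $_.PrincipalSource -eq 'ActiveDirectory' } |
            ForEach-Object { Add-Finding 'LocalGroup' $group.Name $_.Name }
    } catch {
        # Enumeration can fail (for example on unresolvable members); flag for manual review
        Add-Finding 'LocalGroup' $group.Name "ERROR: $($_.Exception.Message)"
    }
}

# 2. Services running as a domain account (DOMAIN\user or user@domain form)
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartName -like "$prefix*" -or $_.StartName -like '*@*' } |
    ForEach-Object { Add-Finding 'Service' $_.Name $_.StartName }

# 3. Scheduled tasks whose principal is a domain account
Get-ScheduledTask |
    Where-Object { $_.Principal.UserId -like "$prefix*" } |
    ForEach-Object { Add-Finding 'ScheduledTask' ($_.TaskPath + $_.TaskName) $_.Principal.UserId }

# 4. Explicit (non-inherited) NTFS entries under $ScanRoot that name a domain principal
$dirs = @(Get-Item -LiteralPath $ScanRoot -ErrorAction SilentlyContinue) +
        @(Get-ChildItem -LiteralPath $ScanRoot -Recurse -Directory -ErrorAction SilentlyContinue)
foreach ($dir in $dirs) {
    (Get-Acl -LiteralPath $dir.FullName -ErrorAction SilentlyContinue).Access |
        Where-Object { -not $_.IsInherited -and $_.IdentityReference.Value -like "$prefix*" } |
        ForEach-Object { Add-Finding 'NTFS' $dir.FullName $_.IdentityReference.Value }
}

$found | Sort-Object Principal, Source, Location
```

ACL entries that appear as a raw SID (`S-1-5-21-...`) no longer resolve to a name and are skipped by the prefix match; they need a separate check.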
