Question

  Asked: Feb 14 2008   5:09 PM GMT
  Asked by: Justthefacts


Managing Orphaned SIDs on AD objects


Exchange security, Windows, Security, Development, Developers

We discovered that many distribution groups have had individual permissions assigned using the Security tab. Primarily this is because the 'managedBy' field allows only one manager to control membership of the group. Unfortunately, when a user is removed from AD, the SID is left behind on the various objects the user was granted permission to.

Does an application exist that would identify orphaned SIDs on objects and remove them? If not, how would you recommend removing the orphaned SIDs?

Answer
The only way I have found is to do it manually. What needs to be done is a process change: you need to set up security groups to apply the security rights to, then you add the users to the group. Then, when the user account is deleted, AD will remove the account from the groups and there will only be the groups left on the ACL instead of orphaned SIDs.
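The manual part of the answer above (opening each group's Security tab and looking for "Account Unknown (S-1-5-21-...)" entries) can be scripted. The following is an added example, not code from the question, the answer or any product named on the page. It assumes the ActiveDirectory PowerShell module (RSAT) and an account that can read and write nTSecurityDescriptor on the groups; the parameter names, the Test-OrphanedSid helper and the default scope (the current domain) are this example's own choices. It reports every explicit ACE on distribution groups whose trustee SID no longer translates to an account, and strips those ACEs only when run with -Remove (honouring -WhatIf).

```powershell
# Added example: find, and optionally remove, ACEs on distribution groups whose
# trustee SID no longer resolves to any account ("orphaned SIDs").
# Assumptions: ActiveDirectory module available; caller may read/modify
# nTSecurityDescriptor; scope defaults to the whole current domain.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SearchBase,   # DN to search under; defaults to the domain root below
    [switch]$Remove        # without this switch the script only reports
)

Import-Module ActiveDirectory
if (-not $SearchBase) { $SearchBase = (Get-ADDomain).DistinguishedName }

function Test-OrphanedSid {
    # Returns $true when no account (local, domain or trusted domain) maps to the SID.
    # Caveat: a SID from a trusted domain whose DCs are unreachable also fails to
    # translate, so always review the report before running with -Remove.
    param([System.Security.Principal.SecurityIdentifier]$Sid)
    try {
        [void]$Sid.Translate([System.Security.Principal.NTAccount])
        return $false   # resolves: live principal or well-known SID, leave it alone
    } catch [System.Security.Principal.IdentityNotMappedException] {
        return $true    # nothing maps to this SID any more
    }
}

$groups = Get-ADGroup -Filter 'GroupCategory -eq "Distribution"' `
                      -SearchBase $SearchBase -Properties nTSecurityDescriptor

foreach ($g in $groups) {
    $acl = $g.nTSecurityDescriptor
    # Explicit ACEs only ($true, $false): inherited ones must be fixed at their source.
    # Ask for trustees as raw SIDs so unresolvable entries are not silently skipped.
    $rules   = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
    $orphans = @($rules | Where-Object { Test-OrphanedSid $_.IdentityReference })

    foreach ($ace in $orphans) {
        [pscustomobject]@{
            Group  = $g.DistinguishedName
            Sid    = $ace.IdentityReference.Value
            Rights = $ace.ActiveDirectoryRights
            Type   = $ace.AccessControlType
        }
    }

    if ($Remove -and $orphans.Count -gt 0 -and
        $PSCmdlet.ShouldProcess($g.DistinguishedName, "Remove $($orphans.Count) orphaned ACE(s)")) {
        foreach ($ace in $orphans) { [void]$acl.RemoveAccessRule($ace) }
        # Write the edited security descriptor back to the object.
        Set-ADObject -Identity $g.DistinguishedName -Replace @{ nTSecurityDescriptor = $acl }
    }
}
```

Run it once without -Remove and save the report; run it again with -Remove -WhatIf to see which groups would be rewritten; only then run with -Remove. Limiting the search to distribution groups and to explicit ACEs keeps the script to the situation described in the question; the same loop works for any object class by swapping Get-ADGroup for Get-ADObject with a different filter. Removing the stale entries does not address the cause, so the answer's advice still stands: grant the rights to a security group, and let AD drop the deleted user from that group.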