We discovered that many distribution groups have had individual permissions assigned using the security tab. Primarily this is because the 'managedBy' field allows only 1 manager to control membership of the group. Unfortunately when a user is removed from AD the SID is left behind on the various objects the user was granted permission to.
Does an application exist that would identify orphaned SIDs on objects and remove them? If not, how would you recommend removing the orphaned SIDs?
February 14, 2008 5:09 PM
January 26, 2011 10:26 PM