We discovered that many distribution groups have had individual permissions assigned using the security tab. Primarily this is because the 'managedBy' field allows only 1 manager to control membership of the group. Unfortunately when a user is removed from AD the SID is left behind on the various objects the user was granted permission to.
Does an application exist that would identify orphaned SIDs on objects and remove them? If not, how would you recommend removing the orphaned SIDs?
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!