Answer the question
In order to leave comments, you need to log in
Active directory should I remove ssid when deleting a group?
After deleting the group, there are rights that remained and hung, should they be deleted from the point of view of information security?
Answer the question
In order to leave comments, you need to log in
As already mentioned, it is better not to remove users and groups from AD, but to block and store them in a special OU. Just to avoid such problems.
If you want to bulk clean ACLs of unresolved SIDs, you can do this with subinacl /cleandeletedsidsfrom . Theoretically, it should speed up access.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question