Find unused or redundant security groups
Hi, just wondering if anyone knows of an application which can report on AD security groups that are unused (redundant), for example, groups that exist in AD but are not applied to a folder.
So far, the only way I can see of achieving this is to use Dumpsec to list all folder permissions and then export a list of groups from AD, import both lists into Excel, remove duplicates from the Dumpsec list, then perform a VLOOKUP to compare lists. The main problem with this approach is it's a bit long-winded and leaves too much room for errors.
Thanks,
Tony
March 7th, 2011 6:56pm
Have a look at this article named "Hey, Scripting Guy! How Can I Use Windows PowerShell 2.0 to Find Active Directory Domain Services Groups Not Being Used?".
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
March 8th, 2011 12:03am
Hi,
Many thanks for your response Mr X, but even though Windows PowerShell isn't really high on my skills list, it doesn't appear that the referenced PS script would locate or remove AD groups that HAVE members, but are NOT applied to a folder?
Still a useful script though - so thanks for the find!
Tony
June 8th, 2011 1:26pm
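
The comparison described in this thread (security groups in AD versus groups that appear on folder ACLs), as an added example that is not part of any post or of the referenced article. It assumes PowerShell 3.0 or later with the ActiveDirectory module installed; the share paths and the output file name are placeholders.

```powershell
# Added example: list AD security groups whose SID is on no folder ACL under the
# scanned roots, with member counts, so populated-but-unapplied groups show up too.
Import-Module ActiveDirectory

# Hypothetical paths: replace with the file shares to audit.
$Roots = @('\\fileserver\share1', '\\fileserver\share2')

# Collect every SID referenced by an ACE (explicit or inherited) on any folder.
$usedSids = New-Object 'System.Collections.Generic.HashSet[string]'
foreach ($root in $Roots) {
    $folders = @(Get-Item -LiteralPath $root) +
               @(Get-ChildItem -LiteralPath $root -Recurse -Directory -ErrorAction SilentlyContinue)
    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        } catch {
            # An unreadable folder means the result is incomplete: surface it.
            Write-Warning "Cannot read ACL: $($folder.FullName)"
            continue
        }
        # Ask for SIDs directly so renamed or unresolvable accounts still compare correctly.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            [void]$usedSids.Add($rule.IdentityReference.Value)
        }
    }
}

# Compare against every security group in the domain, matching on SID rather than name.
$unapplied = Get-ADGroup -Filter "GroupCategory -eq 'Security'" -Properties Members |
    Where-Object { -not $usedSids.Contains($_.SID.Value) } |
    Select-Object Name, DistinguishedName,
        @{ Name = 'DirectMemberCount'; Expression = { $_.Members.Count } }

# Placeholder output file name.
$unapplied | Sort-Object Name |
    Export-Csv -Path .\groups-not-on-folder-acls.csv -NoTypeInformation
```

A group in this report can still be in use through nesting (as a member of a group that is on an ACL) or outside the file system, for example share permissions, GPO security filtering or application roles, so treat the output as a review list rather than a deletion list.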


