Domain security group cleanup

Hello all,
I’ve inherited a mess and I’m hoping powershell can help me out. I have numerous security groups (universal and global) and I have to find a way to scour each server in our domain to determine if a group has any permissions to any shared folder on any server. I’d like to generate an HTML report arranged based on the Security group and then the server and folder path each security group has permissions to. I don’t have anything started yet, but will be working on this over the next few days…maybe weeks :expressionless:

Thank you in advance for any help.

Ugh. Dude. That sucks. Are you asking for just the FILE SHARES, or for people on FOLDERS AND FILES? Huge difference in how awful this will be. If you need to do files and folders, I’d say that writing a script isn’t going to be a practical way to solve this (not impossible… just not practical). File shares perhaps more practical… but it’s going to be time-consuming.

And I have to tell you… it’s not going to be pretty, and it’ll be time-consuming to run the script. There are third party commercial tools (Security Explorer from ScriptLogic/Quest/Dell, is one) that can do this in a jiffy, if that’s an option for you. Like, literally half an hour once you get it installed.