Accurate Token Bloat Report

Hi,

I see there is a Token Bloat report which is based upon the object being in 'X' number of groups. Would it be possible to have a report created that takes into account the number of groups the object is in (directly and indirectly) and also the type of groups they are in, as these have different values? It would also need to take into account if there is SID History tied to the object and the groups themselves. Another consideration is whether the account is also delegated for delegation, as this impacts the Token size.

An MS engineer wrote a script which is pretty accurate, but we would ideally want that criteria reporting off of the Quest data already captured, but taking into account the same considerations.

https://gallery.technet.microsoft.com/scriptcenter/Check-for-MaxTokenSize-520e51e5

Thanks,

Adam

  • Adam,

       Because you seem to be fine with updating the SQL in the report and because I don't know what exact changes you may have made, you can update the SQL to filter out the distribution groups from the calculations.

    2/3rds of the way down there is an "insert into @USERsGroups" statement which ends in "AND ( du.LDM_TOMBSTONED = 0 )"

    On a new line add to the Where clause

    AND dg.IsSecurityEnabled = 1

    Otherwise, tell me exactly what change you made and I can update the report.

     

    As for TokenGroups, that field cannot be extended within Report.

     

    Peter
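
As an added example (not code from this thread, the Quest report or the Microsoft script), the sketch below estimates token size from the criteria raised above, using Microsoft's published estimate TokenSize = 1200 + 40d + 8s, doubled for accounts trusted for delegation. The data model, field names and sample groups are constructed for illustration, and stopping nesting at distribution groups is an assumption.

```python
from dataclasses import dataclass

@dataclass
class Group:
    scope: str                     # "global", "universal" or "domain_local"
    domain: str
    security_enabled: bool = True  # False = distribution group
    member_of: tuple = ()          # parent group names (nesting)
    sid_history: int = 0           # SIDs in the group's own SID history

def expand(direct, groups):
    """Direct plus nested security groups; cycle-safe."""
    seen, stack = set(), list(direct)
    while stack:
        name = stack.pop()
        # Assumption: distribution groups add no SID and nesting is not followed through them.
        if name in seen or not groups[name].security_enabled:
            continue
        seen.add(name)
        stack.extend(groups[name].member_of)
    return seen

def estimate_token_size(user_domain, direct, groups, user_sid_history=0, delegated=False):
    d = user_sid_history           # entries costed at 40 bytes
    s = 0                          # entries costed at 8 bytes
    for name in expand(direct, groups):
        g = groups[name]
        d += g.sid_history
        if g.scope == "global" or (g.scope == "universal" and g.domain == user_domain):
            s += 1
        else:                      # domain local, or universal from another domain
            d += 1
    size = 1200 + 40 * d + 8 * s
    return 2 * size if delegated else size

# Constructed sample data (hypothetical names and domains)
GROUPS = {
    "GG-Sales":   Group("global", "corp.example", member_of=("DL-Files", "UG-All")),
    "UG-All":     Group("universal", "corp.example", member_of=("DL-Files",)),
    "DL-Files":   Group("domain_local", "corp.example", sid_history=1),
    "UG-Partner": Group("universal", "partner.example"),
    "DG-News":    Group("global", "corp.example", security_enabled=False, member_of=("DL-Files",)),
}
DIRECT = ["GG-Sales", "UG-Partner", "DG-News"]

if __name__ == "__main__":
    print(estimate_token_size("corp.example", DIRECT, GROUPS, user_sid_history=2))
```
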

     

     

     
