Create a Share and NTFS Permissions for Domain Groups Summary Report?

1. Overview explaining the report you require:

Our customer is in the process of cleaning up AD Security Groups within their environment.  There are 7,000+ Security Groups within the environment.  They are looking to consolidate and remove Security Groups that are no longer used within the environment.

Prior to removing a group the they need to identify where AD Security Groups that are use secure Shares, Folders, and Files on their server infrastructure.

Could you create a Share and NTFS Permissions for Domain Groups Summary Report?

This report would be used analysis to identify the Total number of Shares, Folders, and Files that each AD Security Group is used to a secure.

With the summary report they could then use the report output to identify items such as the most used groups, least used groups, groups with no shared shares/folders/files.

2. What version of Enterprise Reporter is being used?

Enterprise Reporter 3.2.2

3. What discoveries have been run?

Discoveries being run are:

Active Directory: Collect Token Groups Count, Query All DC’s for Last Logon, Groups and Members (include members from foreign domains), Computers, Domain Controllers, Permissions, Contacts, Trusts, Sites, Deleted Objects, Service Accounts

Computer: Collecting Printers, Shares, Installed Software, Policies, Microsoft Store Applications, Services

NTFS: Collect All Available Public Shares (include hidden shares), All Folder Levels, Collect Files and their basic details like size and attribues, collect advanced file metadata such as author and title, Collect Folder Permissions, Collect File Permissions

File Storage Analysis: Shares (Including Home Directories), Files, Folders, Owners

4. Is there a library report that closely matches what you require?

This custom report on the forum provides the detailed analysis:

Share and NTFS Permissions for Domain Groups

This report works great to find the details. However, with so many Security Groups and Shares/Folders/Files in the environment it can not be run with out generating thousands of lines of detail.

To help resolve that issue we are looking to create a Summary Report that would report out for each Security Group:

  • Domain / Group / Computer – Total Number Files, Folders, Shared  Folders for each computer.

Then using the Summary report a subset of Computers can be targeted and those computer names targeted with an import text file to run the Share and NTFS Permissions Groups report to get the details analysis.

This these two reports, along with the Group Membership Count for Domain Groups would allow the initial analysis required to form process and plan for manging the group clean up and consolidation.

5. How does the information in the report need to be sorted?

  • Sorted by Domain / Group / Computer

6. What parameters are required for filtering the report?

Three input parameters: Domain Name, Domain Group Name, Computer Name.

Allow use of * to select all.

7. How will this report be consumed? For example, will the report be viewed in report display, exported to CSV, or exported to PDF?

Will need to ability to viewed in the report display, and exported to CSV and PDF formats.