removing users in folders' security tab listing (ACL)

[Fullmetal Chocobo]

There have been many people terminated in my department over a long period of time, and yet their names still have full access to some folders on the server, due to admins adding them individually instead of using groups.

Is there a program / utility to help with this, such as a "member of" in ADUC, but with folders? Else this is going to take forever removing everyone from every single folder. My supervisor found a program that searches through them, and I'm looking at at entry of AT LEAST 24,000 folders that need to be changed.

 

[imported_snikt]

I haven't tried this but what would deleting the domain account in ADUC do to the user name in the Security tab? Would that be easier if it were effective?

 

[Chiefcrowe]

Yeah, i just delete the user's domain account in AD and that should fix the problem very easily.

 

[Zugzwang152]

this can also be scripted using Powershell, Vbscript or the like if deleting the user account is not an option.

 

[seepy83]

I believe deleting the account in AD will leave a ghost account/SID listed...it will not remove the account completely.

Also, many organizations have policy that prevents you from deleting old accounts.

Like was already mentioned, I would be looking to use a script to match the accounts in each ACL to Disabled Accounts in AD.