O'Reilly logo

PowerShell Deep Dives by Edited by Jeffery Hicks, Richard Siddaway, Oisín Grehan, and Aleksandar Nikoli

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 8. Using PowerShell to reduce Active Directory token bloat

Ashley McGlone

As a Microsoft Premier Field Engineer I work with companies of all sizes to get their Active Directory environment healthy. One of the most common issues I find is called token bloat. When users become members of too many groups, their access token grows so large that it no longer fits inside some of the default OS settings. Users can experience issues logging in, applying group policies, and authenticating to web servers.

Token size issues are usually due to a combination of three scenarios:

  • Leftover security identifier (SID) history from Active Directory migrations
  • Heavy group nesting
  • Stale group memberships

This chapter will address the SID history scenario, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required