Chapter 8. Using PowerShell to reduce Active Directory token bloat

Ashley McGlone

As a Microsoft Premier Field Engineer, I work with companies of all sizes to get their Active Directory environment healthy. One of the most common issues I find is called token bloat. When users become members of too many groups, their access token grows so large that it no longer fits within the limits set by some of the default OS settings. Users can experience issues logging in, applying group policies, and authenticating to web servers.

Token size issues are usually due to a combination of three scenarios:

  • Leftover security identifier (SID) history from Active Directory migrations
  • Heavy group nesting
  • Stale group memberships

This chapter will address the SID history scenario, ...
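
To make the effect of group count and SID history on token size concrete, the following added example (not code from the book) applies Microsoft's published approximation, TokenSize = 1200 + 40d + 8s, to one set of memberships with and without leftover SID history. The function and parameter names, the CORP and LEGACY domain names, and all group counts are assumptions constructed for illustration.

```powershell
# Added example; the group data below is constructed, not read from a directory.
# Estimate: TokenSize = 1200 + 40d + 8s (Microsoft's published approximation)
#   d = domain local groups + universal groups outside the user's domain
#       + SIDs carried in SID history
#   s = global groups + universal groups inside the user's domain
function Get-EstimatedTokenSize {
    param(
        [Parameter(Mandatory)] [object[]] $Group,      # fully expanded (nested) membership
        [Parameter(Mandatory)] [string]   $UserDomain,
        [int] $SidHistoryCount = 0,                    # SID history entries on user and groups
        [int] $MaxTokenSize    = 48000                 # 12000 was the default before Server 2012
    )
    $d = $SidHistoryCount
    $s = 0
    foreach ($g in $Group) {
        switch ($g.Scope) {
            'DomainLocal' { $d++ }
            'Global'      { $s++ }
            'Universal'   { if ($g.Domain -eq $UserDomain) { $s++ } else { $d++ } }
            default       { throw "Unknown group scope '$($g.Scope)' on $($g.Name)" }
        }
    }
    $bytes = 1200 + (40 * $d) + (8 * $s)
    [pscustomobject]@{
        D = $d; S = $s; EstimatedBytes = $bytes
        ExceedsLimit = $bytes -gt $MaxTokenSize
    }
}

# Constructed sample: a migrated user in CORP with memberships in two domains.
function New-SampleGroup($Count, $Scope, $Domain) {
    1..$Count | ForEach-Object {
        [pscustomobject]@{ Name = "$Domain-$Scope-$_"; Scope = $Scope; Domain = $Domain }
    }
}
$groups = @(New-SampleGroup 120 'Global' 'CORP') +
          @(New-SampleGroup 60 'DomainLocal' 'CORP') +
          @(New-SampleGroup 20 'Universal' 'LEGACY')

# Same memberships, with and without 200 leftover SID history entries,
# checked against the older 12000-byte limit.
foreach ($sidHistory in 200, 0) {
    Get-EstimatedTokenSize -Group $groups -UserDomain 'CORP' `
        -SidHistoryCount $sidHistory -MaxTokenSize 12000
}
```

Each SID history entry costs 40 bytes in this estimate, the same as a domain local group, which is why leftover migration SIDs can push an otherwise ordinary account over the limit.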
