Chapter 8. Using PowerShell to reduce Active Directory token bloat

Ashley McGlone

As a Microsoft Premier Field Engineer I work with companies of all sizes to get their Active Directory environment healthy. One of the most common issues I find is called token bloat. When users become members of too many groups, their access token grows so large that it no longer fits inside some of the default OS settings. Users can experience issues logging in, applying group policies, and authenticating to web servers.

Token size issues are usually due to a combination of three scenarios:

  • Leftover security identifier (SID) history from Active Directory migrations
  • Heavy group nesting
  • Stale group memberships

This chapter will address the SID history scenario, ...

Get PowerShell Deep Dives now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.