Chapter 8. Using PowerShell to reduce Active Directory token bloat
As a Microsoft Premier Field Engineer, I work with companies of all sizes to get their Active Directory environments healthy. One of the most common issues I find is called token bloat. When users become members of too many groups, their access token grows so large that it no longer fits within the limits set by some of the default OS settings. As a result, users can experience issues logging in, applying group policies, and authenticating to web servers.
Token size issues are usually due to a combination of three scenarios:
- Leftover security identifier (SID) history from Active Directory migrations
- Heavy group nesting
- Stale group memberships
This chapter will address the SID history scenario, ...