Identify recursive groups (web client)

<< Display table of contents >>

Navigation:  Start > Using 8MAN - The Services > Permission Analysis  > Active Directory  > Services for Administrators >

Identify recursive groups (web client)

Background / Value

Groups can be members of other groups. Active Directory allows "children" to become "parents" within their own family tree. If the nested group structure loops in a circular way group membership assignments become ineffective and nonsensical. Through these recursions or circular nested groups every user who is a member of any of the recursive groups is granted all of the access rights of all of the groups. The consequence is a confusing mess of excessive access rights. 8MAN automatically identifies all recursions in your system. We highly recommend removing the recursion by breaking the chain of circular group memberships.

TIP: Administrate only with 8MAN and recursions can no longer occur.


Additional Services

The deeper your group structure the more likely you are to have circular nested group structures. We therefore recommend keeping an eye on the number of nested group levels.

Idenitfy recursive groups (rich client)

Break the circle by managing group memberships (rich client) or removing group memberships (web client).


Step by step process

A045-02 EN inaktive Konten im webclient identifizieren


Go to the Risk Assessment Dashboard.

A046-03 EN Gruppen in Rekursion im Webclient identifizieren


1.8MAN shows a rating for the risk factor "Groups in recursion".

2.Click "Minimize risks".


The tiles are sorted by risk level and may therefore be located in different places.

A046-04 EN Gruppen in Rekursion im Webclient identifizieren


1.8MAN lists all groups in recursion.

2.Use sorting, filtering and grouping to analyze the data.

3.Select the rows to display in the grid and in the reports.

4.Export the data into Excel.

5.Create a report in PDF- or CSV-format. Save the report or email it.