Identify recursive groups

<< Inhaltsverzeichnis anzeigen >>

Navigation:  Start > Using 8MAN - The Services > Permission Analysis  > Active Directory  > Services for Administrators >

Identify recursive groups

Background / Value

Groups can be members of other groups. Active Directory allows "children" to become "parents" within their own family tree. If the nested group structure loops in a circular way group membership assignments become ineffective and nonsensical. Through these recursions or circular nested groups every user who is a member of any of the recursive groups is granted all of the access rights of all of the groups. The consequence is a confusing mess of excessive access rights. 8MAN automatically identifies all recursions in your system. We highly recommend removing the recursion by breaking the chain of circular group memberships.

 

TIPP: Only administrate with 8MAN and recursions can not happen anymore.

 

Additional Services

The deeper your group structure the more likely you are to have circular nested group structures. We therefore recommend keeping an eye on the number of nested group levels.

Identify groups in recursion (web client)

 

Step by step process

A010-01 EN Rekursive Gruppen identifizieren

 

1.Select the dashboard.

2.Double-click on "groups in recursions".




A010-02 EN Rekursive Gruppen identifizieren

 

1.8MAN automatically selects Multiselection.

2.The scenario "groups in recursions" is active. 8MAN lists all groups included in the recursion.

3.Click on a Group.

4.8MAN lists all users and groups in the selected recursion

5.Double-click on a group.




A010-03 EN Rekursive Gruppen identifizieren

 

1.8MAN switches to the account view. You can see an example of a recursion across 3 levels.

2.The recursion is indicated by the green line.