Identify recursive groups (web client)
Groups can be members of other groups. Active Directory allows "children" to become "parents" within their own family tree. If the nested group structure loops in a circular way group membership assignments become ineffective and nonsensical. Through these recursions or circular nested groups every user who is a member of any of the recursive groups is granted all of the access rights of all of the groups. The consequence is a confusing mess of excessive access rights. ARM automatically identifies all recursions in your system. We highly recommend removing the recursion by breaking the chain of circular group memberships.
Administer only with ARM and recursions can no longer happen because ARM does not allow the creation of recursions.
The deeper your group structure the more likely you are to have circular nested group structures. Therefore, keep an eye on the nesting depth of your groups.
Identify recursive groups (rich client)
Break the circle by managing group memberships (rich client) or removing group memberships (web client).
Go to the Risk Assessment Dashboard.
- ARM shows a rating for the risk factor Groups in recursion.
- Click Minimize risks.
The tiles are sorted by risk level and may therefore be located in different positions.
- ARM lists all groups in recursion.
- Use sorting, filtering and grouping to analyze the data.
- Select the columns to display in the grid and in the reports.
- Export the data into Excel.
- Create a report in PDF- or CSV-format. Save the report or email it.