Get Circular Nested AD Groups: New Download Source is Here

Some weeks ago, Microsoft have announced that they are going to shut down their TechNet Gallery very soon (that is: at the end of December, 2020). There is a small number of contributions that we have been involved with. Furtunately, the original license (MIT license) allows us to republish those contributions. So in the next days we are going to do this.

This contribution was first published in Microsoft’s TechNet Gallery. See the authors and copyright notices in the text below.

Get Circular Nested AD Groups

In an Active Directory domain it is possible to have a group as a member of another group. This group nesting can be applied to multiple levels, having a group in a group in a group – and so on. Unfortunately, it is possible to create circular group nesting. This means that group nesting forms a „circle“ relationship. Imagine Group A being a member of Group B, and Group B a member of Group C. Now an administrator can put Group C into Group A as a member. Active Directory does not detect this and will not issue a warning.

Circular nesting can cause a lot of trouble, such as users that have too many permissions in applications or applications that will complain or even crash. Not mentioning the fact that circular nesting is not useful at all.

There is no simple way to detect circular nesting in an AD environment. The PowerShell script that you find for download here does the job. Simply download, verify the script, and run it. You don’t need administrator privilege to run it (unless your domain uses object-level permissions on groups).

While it would be technically possible to correct circular nesting, this is not feasible in most situations. So you can take the script’s results and resolve circular nesting manually if you find any.

Usage

• Most simple: just run the script. It will display its results in the PowerShell window.
• Most comfortable: Pipe the output to a grid like this:
  .\Get-CircularNestedADGroups | Out-Gridview
• CSV automation: Automatically save the results as a CSV file like this:
  .\Get-CircularNestedADGroups | Export-CSV <FILE NAME> -Delimeter ‚;‘ -Encoding unicode -NoTypeInformation
• HTML automation: Automatically create a simple HTML table like this:
  .\Get-CirularNestedADGroups.ps1 | Sort-Object Name | ConvertTo-Html DistinguishedName,Name,GroupScope,GroupCategory | Out-File <FILE NAME>

Download

  Get-CircularNestedADGroups (1,4 KiB, 2.156-mal heruntergeladen, letzte Änderung am 22. Dezember 2020)

Disclaimer

While the script will not change anything on your system, use it at your own risk. We provide no warranty and no support.

Author

The script was written by Simon Altenbokum, michael wessel Informationstechnologie GmbH

Was <https://gallery.technet.microsoft.com/Get-Circular-Nested-AD-491145d1/description>