Active Directory Users and Computers (ADUC) supports the concept of nesting groups, or adding groups to other groups. Nesting groups can help to reduce the number of permissions that has to be given to key individuals, or to vital groups.
Effectively nesting groups in a multi domain environment reduces the network traffic between the domains and simplifies the network administration in a domain tree.
Maintaining more number of nested groups is a real pain, because without our knowledge some of the nested groups may get looped. Say for an example there are four groups in an Active Directory Domain like Developers, Quality Checkers, Technical Advisors and Technical Leaders.
Group Name | Group Members |
Developers | Henry V. Jackson & Quality Checkers |
Quality Checkers | Henry V. Jackson & Technical Advisors, Technical Leaders |
Technical Advisors | Henry V. Jackson |
Technical Leaders | Some Users & Developers |
In the above scenario, Developers, Quality Checkers and Technical Leaders forming a group in a loop in an ADUC (Active Directory Users and Computers). In a large environment, it is very difficult to find the number of groups that form a loop in a domain.
Our latest version of Admin Report Kit for Active Directory (ARKAD) has got the necessary features to view a number of nested groups, and a number of groups that are forming a loop in a domain. The following figure displays the groups that are forming a loop in ‘SPACENET’ domain.
For further information about ARKAD, you can view the product information and download a 15-day trial copy from the product home page.