ADEssentials icon indicating copy to clipboard operation
ADEssentials copied to clipboard

Published 20 hours ago verified publisher icon EvotecIT

CircularIndirect for non-circular groups

Open Mike-Crowley opened this issue 1 year ago • 6 comments

If you create 4 groups with membership like this:

"A","B","C","D" | foreach {New-ADGroup $_ -GroupScope Universal}
Add-ADGroupMember A -Members "B"
Add-ADGroupMember B -Members "C","D"
Add-ADGroupMember C -Members "D"

image

The following command:

Get-WinADGroupMemberOf D -ClearCache | select ObjectName, ParentGroup, Name, CircularIndirect

reports the following:

ObjectName ParentGroup Name CircularIndirect
---------- ----------- ---- ----------------
D          D           C               False
D          C           B               False
D          B           A               False
D          D           B                True
D          B           A               False

In some circumstances, this is a poor AD group design, but it is not "circular", right? Or am I misunderstanding the intent of this field?

Mike-Crowley avatar Feb 07 '24 01:02 Mike-Crowley