A PowerShell script to find any instances of circular nested groups in the domain. The program finds and reports on all groups involved in circular nesting.
A useful feature of Active Directory is that groups can be nested. However, it is possible for the group nesting to be circular. This is best illustrated by an example linked here Nested Groups.
This program efficiently finds all circular nested groups. It uses the System.DirectoryServices.DirectorySearcher class to retrieve all group names and their direct memberships. The member attribute of the groups is a collection of the Distinguished Names of all direct members, but does not reveal "primary group" membership. The program evaluates each group to track down members that are groups. As soon as a nested member is found that is identical to any parent group, the program has found an instance of circular nesting.
The program does not report on how the groups are nested. For example, if the program lists 5 groups, there are several ways the groups could be nested. There could be one instance involving the 5 groups, or one instance involving 2 groups and another involving 3 groups. Given the group names you will need to track down how they are nested.
CircularNestedGroups.txt <<-- Click here to view or download the program