5

Is it possible for a group to directly or indirectly include itself?

In other words, is it possible for the following structure to be created:

Group-A
  └─ Group-B
           └─ Group-C
                    └─ Group-A (recursive cycle)

Does AD detect and prevent such cases, or does it allow them and handle the recursive cycle.

If I had administrative access to an AD forest, and I wasn't afraid of unravelling the fabric of reality, I would test this myself. Google, sadly - has been of little help in answering this question ... although I may not be making the proper incantation in the search input box.

LBushkin
  • 183
  • 2
  • 7

2 Answers2

7

Directly: No, an error is returned that A group cannot be a member of itself

Indirectly: There is nothing preventing this from happening in Active Directory, and is known as Circular Group Nesting.

Izzy
  • 8,224
  • 2
  • 31
  • 35
2

I have a different experience. If you use the Active Directory Users and Computers and do a right-click on a group then select "Add to a Group", you can enter the name of the group and the add succeeds, effectively making a group a member of itself.

Scott Dean
  • 21
  • 1