Blog article

Show group membership in Active Directory

by Stefan Kowski

Each Active Directory group can contain users, and other groups depending on the group type. Since contained groups can themselves contain groups and users (e.g. when using the AGDLP model), a complex hierarchy is quickly created.

If, after analyzing directory permissions, you want to know which users have effective access to a directory, the Parks Authorization Manager (PAM) displays the complete group hierarchy.

Hierarchical group membership view in Parks Authorization Manager (PAM)

In a tree structure, you can see the relationships between the groups, and, for the users, the most important information (account, first and last name, department) from the Active Directory entry. You can copy this data to the clipboard or print it as a report.

In the screenshot, the domain local group DL_Accounting_M, which is stored in a folder ACL with modify permissions (suffix "_M" for "modify"), contains a global group G_Accounting_IN. The global group G_Accouting_IN contains the employees of the department (Ian Curtis, Marc Miller, Susan Decker) and a global group G_Accounting_Manager. This group includes the manager of the department, Jane Elliot.

And while you're at it, you can modify the members of a group with the Add... and Delete buttons.

Curious? Just download the demo version and try it for yourself.

Go back