Colleague check - graph function in

Detect incorrect group nesting reliably.

In addition to the “Analyze group structures” function, the AD-View has a second function, the “Colleague Check”.

When checking colleagues, you can see how two users are connected by groups. All direct and indirect memberships between both users are displayed.

A user is selected who appears in the left window. All users to whom the first one has a connection via groups are automatically displayed on the right. If you click on a user on the right, the groups in which both are members appear in the middle window, directly or indirectly. If a group is selected here, the selected group appears in the lower window in the middle and the two users on the right and left. The two users are direct members of the group.

Both users are in the group Buchhaltung_g.

colleagues checkImage 1: direct membership


In the case of indirect membership, the nested groups are still displayed on the left and right. In the example, the selected users are indirect members of the list group "8M_dl_KM GmbH_li" via group nesting.


Colleagues check 2Image 2: indirect membership

In the example shown this is correct and necessary. However, in mature systems you can also find examples where users have nested groups with rights that they are not entitled to, perhaps even those who oppose data protection. In order to detect such vulnerabilities this colleague check has been developed.

In the right window you can display additional AD attributes for the users. (Please refer "Representative AD Attrbute")

Permanent link to this post: