If you have groups that are members of other groups, and the criteria for their membership changes, you can easily remove them. When you do so, any entitlements and delegations they received from the group via a policy will be handled in accordance with that policy. For example, if you have a group with an Exchange Mailbox Provisioning Policies that specifies a user's mailbox be deprovisioned when that user is no longer a member of the group, the users in the removed group will lose their mailboxes.
To remove a group from a group
...
Remove Groups from Groups
On the navbar, expand Identity Administration
...
and select Groups.
Search for the
...
group with a nested group that you want to remove
...
and then click the
...
Logon Name link for
...
the group.
This directs your browser to the View One page for the group. View One pages for groups allow to view and manage the groups to which they correspond.
On the View One page for the group, select the Advanced tab and then expand the Nested Group Members accordion.
Enter the name of the nested group you want remove in the second search field and then check the box for the group record to select it.
Repeat step 4 for each nested group you want to remove from the group.
When ready, click Submit and then click OK to close the Operation Execution Summary.
...
To verify that EmpowerID removed the groups from the group
...
To verify that the group was removed from the group in Active Directory
On a server with the Active Directory PowerShell module, run the following PowerShell cmdlet (substituting the group in the cmdlet with the appropriate group from your environment):
Code Block | ||
---|---|---|
| ||
Get-ADPrincipalGroupMembership "Automation-GVR1" |
...
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|