Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Home / Identity Administration / User Accounts and Groups / Current: Removing Groups from Groups

If you have groups that are members of other groups, and the criteria for their membership changes, you can easily remove them. When you do so, any entitlements and delegations they received from the group via a policy will be handled in accordance with that policy. For example, if you have a group with an Exchange mailbox RET policy that specifies a user's mailbox be deprovisioned when that user is no longer a member of the group, the users in the removed group will lose their mailboxes.

This topic demonstrates how to remove groups from groups in EmpowerID.

To remove a group from a group

  1. In the Navigation Sidebar of the EmpowerID Web interface, expand Identities and click Groups.
  2. Search for the group from which you want to remove a group and then click the record for that group. You should see a list of contextual actions appear that can be executed against that group appear in the Actions pane.

    Info

     In the following image, the Locations pane has been collapsed to conserve screen real estate.


    Image RemovedImage Added

  3. Click the Remove Group from Group action.
    Image Removed
    Image Added

  4. In the Group Lookup that appears, search for the group you want to remove from the group.
  5. Tick the box beside the group to select it.
  6. Repeat, adding as many groups as needed.
  7. When you have finished adding groups, click Submit.
    Image Removed
    Image Added

  8. Click Yes to confirm you want to remove the groups from the group and then click OK to close the Operation Execution Summary.

To verify that EmpowerID removed the groups from the group

  1. Search for the group from which you just removed the nested groups.
  2. From the grid, click the Logon Name link for the group.
    Image Removed
    Image Added

    This directs you to the View One page for the group. View One pages allow you to view details about an object in EmpowerID and make changes to those objects as needed.
    Image Removed
    Image Added

  3. From the View One page, expand the Nested Group Members accordion to verify that there are no records for the groups you removed.

    Tip

    If you have an email address that is registered in EmpowerID, you can have EmpowerID email you the group membership by clicking the email icon.


To verify that the group was removed from the group in Active Directory

  1. On a server with the Active Directory PowerShell module, run the following PowerShell cmdlet (substituting the group in the cmdlet with the appropriate group from your environment):

    Code Block
    languagepowershell
    themeEmacs
    Get-ADPrincipalGroupMembership "London Contractors GVR1"


  2. Verify that the group is no longer a member of the group from which you removed it.

...

Info
iconfalse
titleRelated Content
Section
Column
Column
  • Creating Dynamic Group Memberships
  • Importing Users and Groups
  • Removing Accounts from Groups
  • Removing Groups from Groups
  • Deleting User Accounts
  • Restoring Deleted User Accounts
  • Deleting Groups
  • Restoring Deleting Groups