Removing Groups from Groups
Home / Identity Administration / User Accounts and Groups / Current: Removing Groups from Groups
If you have groups that are members of other groups, and the criteria for their membership changes, you can easily remove them. When you do so, any entitlements and delegations they received from the group via a policy will be handled in accordance with that policy. For example, if you have a group with an Exchange mailbox RET policy that specifies a user's mailbox be deprovisioned when that user is no longer a member of the group, the users in the removed group will lose their mailboxes.
This topic demonstrates how to remove groups from groups in EmpowerID.
To remove a group from a group
- In the Navigation Sidebar of the EmpowerID Web interface, expand Identities and click Groups.
Search for the group from which you want to remove a group and then click the record for that group. You should see a list of contextual actions appear that can be executed against that group appear in the Actions pane.
In the following image, the Locations pane has been collapsed to conserve screen real estate.
- Click the Remove Group from Group action.
- In the Group Lookup that appears, search for the group you want to remove from the group.
- Tick the box beside the group to select it.
- Repeat, adding as many groups as needed.
- When you have finished adding groups, click Submit.
- Click Yes to confirm you want to remove the groups from the group and then click OK to close the Operation Execution Summary.
To verify that EmpowerID removed the groups from the group
- Search for the group from which you just removed the nested groups.
- From the grid, click the Logon Name link for the group.
This directs you to the View One page for the group. View One pages allow you to view details about an object in EmpowerID and make changes to those objects as needed. From the View One page, expand the Nested Group Members accordion to verify that there are no records for the groups you removed.
If you have an email address that is registered in EmpowerID, you can have EmpowerID email you the group membership by clicking the email icon.
To verify that the group was removed from the group in Active Directory
On a server with the Active Directory PowerShell module, run the following PowerShell cmdlet (substituting the group in the cmdlet with the appropriate group from your environment):
Get-ADPrincipalGroupMembership "London Contractors GVR1"
- Verify that the group is no longer a member of the group from which you removed it.