The world's most trusted forum on Active Directory Security
I would like to know how to detect circular loops in nested Active Directory group memberships, as we are using some scripts to try and enumerate Active Directory group memberships, but the scripts seem to be going in an infinite loop.
For the longest time, we could not figure out why this was happening. Then we accidentally came across a pair of nested groups and that helped us figure that this was happening due to circular nested groups.
We would like to modify our scripts to ensure that they can detect and avoid re-expanding circular nested groups. But before we can do this, we need to know how to detect them?!
If you know how to detect them, can you please help with this?