Pruning cyclical group hierarchy: Active Directory [source] Warning


When we try aggregate groups from Active Directory source we are getting the following warning:


What is the reason for this warning? Is there a way to avoid this Warning message?

On an other side, when agregation task is finished , we note that 355 groups were deleted. Is there relation bettwen the warning message and the groups deleted?


Thanks in advance

Looks like you are aggregating in duplicate security groups from Active Directory. You can try to bump up the delete thresh hold and/or determine the group that is being read in multiple times.

1 Like

Hey @ismaelmoreno1,

Thank you for posting your question. It looks like you might be having some cyclical dependencies ( i.e. like a group with in a group). Try to add this entry <entry key=“noGroupCycleDetection” value=“True”/? and then run aggregation. Let’s see if adding that will help to make the warning message disappear.

Also, here is an article that you may find useful:

PATCH - {{api-url}}/beta/sources/{{sourceId}}

        "op": "add",
        "path": "/connectorAttributes/noGroupCycleDetection",
        "value": true

Make sure Content-Type is application/json-patch+json


Thanks for helping out here, @tom_bui; I hope things are going well over at Splunk!

@ismaelmoreno1, please let us know if the above helps to solve your issue :slight_smile:


I have marked this thread as solved. @ismaelmoreno1 please let us know if we can be of any further assistance to you; we hope to see you around the Developer Community more in the future!

Hi @michael.ellis
sorry for the delay to reply and try the tests. Finally the solution works
Thanks for all

Hey @ismaelmoreno1,

Thanks for circling back and letting us know; I am delighted to hear that the solution worked well for you. We hope you see more of you around the developer community in the future!