---
title: Creating inverted static groups
description: You can create an inverted static group to mitigate performance losses associated with a static group that has a large member list.
component: pingdirectory
version: 11.0
page_id: pingdirectory:pingdirectory_server_administration_guide:pd_ds_inverted_static_groups_create
canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectory_server_administration_guide/pd_ds_inverted_static_groups_create.html
revdate: May 10, 2024
page_aliases: ["pd_ds_inverted_static_groups_members.adoc", "pd_ds_inverted_static_groups_nesting.adoc"]
section_ids:
  before-you-begin: Before you begin
  about-this-task: About this task
  steps: Steps
  example: Example:
  example-2: Example:
  adding-or-removing-inverted-static-group-members: Adding or removing inverted static group members
  steps-2: Steps
  example-3: Example:
  nesting_inverted_static_groups: Using nesting with inverted static groups
  before-you-begin-2: Before you begin
  about-this-task-2: About this task
  steps-3: Steps
  example-4: Example:
---

# Creating inverted static groups

You can create an inverted static group to mitigate performance losses associated with a static group that has a large member list.

## Before you begin

You must have a parent entry, such as `ou=groups`, set up in your server before adding an inverted static group child entry.

## About this task

To create an inverted static group, do the following:

## Steps

1. Open a text editor and create a group entry in LDIF:

   1. Include the `ds-inverted-static-group` object class.

      |   |                                                                                                                                                                                          |
      | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
      |   | You must include the `cn` attribute in an inverted static group entry. The only other non-operational attribute types allowed include:- `description`

      - `ds-nested-group-dn`

      - `owner` |

   2. Save the file.

   ### Example:

   This example LDIF file, `inverted-static-group.ldif`, creates one group, `cn=Example Inverted Static Group`.

   ```
   dn: cn=Example Inverted Static Group,ou=groups,dc=example,dc=com
   objectclass: top
   objectclass: ds-inverted-static-group
   cn: Example Inverted Static Group
   ```

2. To add the group entries to the server, use the `ldapmodify` tool.

   ### Example:

   ```shell
   $ bin/ldapmodify --defaultAdd --filename inverted-static-group.ldif
   ```

## Adding or removing inverted static group members

### Steps

* To add a member to the group, in the member entry, add the DN of the inverted static group to the DN of the `ds-member-of-inverted-static-group-dn` attribute.

  #### Example:

  ```
  dn: uid=gwashington,ou=people,dc=example,dc=com
  changetype: modify
  add: ds-member-of-inverted-static-group-dn
  ds-member-of-inverted-static-group-dn: cn=Example Inverted Static Group,ou=groups,dc=example,dc=com
  ```

* To remove a member from the group, in the member entry, delete the DN of the inverted static group from the `ds-member-of-inverted-static-group-dn` attribute by changing the previous operation from `add` to `delete`.

## Using nesting with inverted static groups

Inverted static groups use a unique attribute for nesting other groups as members within the inverted static group.

### Before you begin

You must have the distinguished name (DN) *(tooltip: \<div class="paragraph">
\<p>A name uniquely identifying an object within the hierarchy of a directory tree.\</p>
\</div>)* of the nested group that you are adding to the inverted static group. For example, `cn=Group to Nest,ou=groups,dc=example,dc=com`.

### About this task

When configuring nesting within a traditional static group, you add both users and groups to the group entry by defining `member` or `uniqueMember` attributes with their DNs. Although this is simple, it doesn't allow you to systematically distinguish between the group's individual user members and the members that are actually nested groups.

Inverted static groups make this distinction by storing the nested group member in a unique attribute. Instead of providing the DN of the parent group to the nested group entry, you provide the nested group's DN to the parent group.

### Steps

* To add a nested group to an inverted static group, add the value of the nested group's DN to the `ds-nested-group-dn attribute` in the inverted static group entry.

  #### Example:

  ```
  dn: cn=Example Inverted Static Group,ou=groups,dc=example,dc=com
  changetype: modify
  add: ds-nested-group-dn
  ds-nested-group-dn: cn=Group to Nest,ou=groups,dc=example,dc=com
  ```