Go to the "Group Analysis – Resolved Only" view:
and look at the topmost categories in the view - groups in the following categories may require your attention:
Unknown entries can indicate problems with group configurations. For example, perhaps a mail group was placed inside a security group. Or there are typos in user names, or user names were changed in the directory but not in a group.
Unknown entries can also be a security risk. If a name is currently unknown but in a group, and a new user or group is created with that name, it's possible that the new name will immediately have access to all things that group has access to. In another example, if a group is used to prevent access to a database by getting "no access" rights in the ACL, and you add a user but enter their name incorrectly, then the user might end up having access to the database anyway because their name will not resolve properly.