Active Directory Groups

Active Directory Groups

August 22, 2021 Active Directory 0

Group Scope and Types Gathering together objects for ease of administration. Assigning permissions to  objects or resources within the Directory.

Distribution Groups, To create email distribution lists. You can use distribution only with email application to send email to collections of users. Distribution groups are not security enabled, which means that they cannot be listed in Access Control Lists (ACL).

Security Groups, To assign permissions to shared resources.

  • Domain, These groups are only visible in their own domain. You can add members from any domain in your forest but you can give them access to the resources which are available only in  the domain where you create this DL.

CAN CONTAIN: Domain Local Groups from the own domain, Global Groups from trusted domains and any domain in the forest, Universal groups from trusted domains and any domain in the forest.
Domain local groups assign access permissions to global domain groups for local domain resources.

  • Global, These groups are visible through-out the forest, but can only contain accounts and global groups from the same domain.

Can be a member of global groups of the same domain, domain local groups or universal groups of any domain in the forest or trusted domains.
CAN CONTAIN: Global Groups from the OWN domain.
You can add members only from the domain where you create this DL, and this DL can be given access to any resources in any other domains in the forest.

From your domain A ,create a Global DL— create a Domain Local DL in domain B. Add the Domain ‘A’s Global DL as a member to the Domain B’s Domain Local Group.. Give access to the resource in Domain B. It’s done..
Global groups provide access to resources in other trusted domains.

  • Universal, These groups are visible through-out the forest and can contain accounts, global groups and other universal groups from any domain in the forest (they cannot contain domain local groups). Add members from any domain, access resources in any domain of the forest.

Universal groups should be used to nest global groups. By doing that, the group can assign permissions to resources in multiple domains.

Universal groups do not care about trust. Universal groups can be a member of domain local groups or other universal groups but NOT global groups.
CAN CONTAIN: Global Groups from any domain in the forest, Universal Groups from any domain in the forest.
Universal groups grant access to resources in all trusted domains.

 

 1,320 total views,  1 views today

Leave a Reply

Your email address will not be published. Required fields are marked *