Groups are containers that contain user and computer objects within them as members.
FEATURES OF GROUPS
---When security permissions are set for a group in the Access Control List on a resource, all members of that group receive those permissions.
---Domain Groups enable centralized administration in a domain.
---All domain groups are created on a domain controller.
In a domain, Active Directory supports different types of groups and group scopes:--
---The group type determines the type of task that you manage with the group.
---The group scope determines whether the group can have members from multiple domains or a single domain.
The two types of groups are
---Security groups are security principals; this means that you can grant permissions and rights to this group.
In addition, the security group can be mail-enabled so that users can send mail messages to the group membership. Security groups allow you to use one type of group for not only assigning rights and permissions, but also as a distribution list for e-mail.
---Distribution groups are used merely to organize user accounts together for the purpose of sending them messages; they cannot be used for assigning permissions
Group Scope
Any group, whether it is a security group or a distribution group, is characterized by a scope that identifies the extent to which the group is applied in the domain tree or forest
Universal
• Accounts from any domain within the forest in which this Universal Group resides
• Global groups from any domain within the forest in which this Universal Group resides
• Universal groups from any domain within the forest in which this Universal Group resides
Global
• Accounts from the same domain as the parent global group
• Global groups from the same domain as the parent global group
Domain local
• Accounts from any domain
• Global groups from any domain
• Universal groups from any domain
• Domain local groups but only from the same domain as the parent domain local group
No comments:
Post a Comment