Active Directory Group Concepts

Windows 2000 Active Directory presents a number of different group options not found in the NT domain environment. The two biggest changes are the different types/scopes of groups that now exist, as well as the ability to nest groups. Group accounts for domain users are again created in Active Directory Users and Computers.
First, understand that there are two types of groups: security and distribution. Distribution groups exist for the purpose of sending email, and do not have a SID. Security groups do have a SID, and as such can be used to assign permissions and rights via access control lists and policy settings.
Secondly, there are three scopes of groups: domain local, global, and universal. A quick overview of each:
Domain Local groups: domain local groups are similar to local groups in NT 4, except that they can be applied to any system within a domain, not just on the system where the group exists (since domain local groups actually reside in the AD database). These groups are usually used to assign permissions to resources.
Global groups: global groups are very similar to those found in an NT 4 domain. They are still collections of users with common needs.
Universal groups: universal groups are totally new in Windows 2000. A universal group can contain users from any domain in an AD forest. Similar to global groups, they are used as collections of users with common needs or characteristics. Only a member of the Enterprise Admins group can create a universal group.
If the option to create a Universal group is not available, this is because the domain is still in Mixed Mode. Universal groups can only be created in Native Mode. The ability to nest groups is also new to Windows 2000, and is also only available in Native Mode. Nesting refers to the ability to place a group into a group of the same type – for example placing a global group into a global group. The table below outlines group membership rules for domains in Native Mode.
Domain Local: May contain users from any domain, global groups from any domain, universal groups, domain local groups from the same domain. Can only be used to access resources in the same domain.
Global: May contain users from same domain, global groups from same domain. Can be used to access resources in any domain.
Universal: May contain users from any domain, global groups from any domain, universal groups. Can be used to access resources in any domain.
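The Native Mode rules above can be checked mechanically when reviewing group nesting. The following is an added example, not part of the original tutorial: it encodes the table as data and flags memberships the table does not allow. The `Principal` class, the function names and all user, group and domain names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Container scope -> {member kind: "any" domain or "same" domain}, from the table.
# Universal groups are forest-wide, so they carry no domain restriction here.
RULES = {
    "domain_local": {"user": "any", "global": "any", "universal": "any",
                     "domain_local": "same"},
    "global": {"user": "same", "global": "same"},
    "universal": {"user": "any", "global": "any", "universal": "any"},
}

@dataclass
class Principal:
    name: str
    domain: str
    kind: str  # "user", "global", "universal" or "domain_local"
    members: list = field(default_factory=list)

def audit(groups):
    """Return (group, member, reason) for each membership the table forbids."""
    findings = []
    for g in groups:
        for m in g.members:
            where = RULES[g.kind].get(m.kind)
            if where is None:
                findings.append((g.name, m.name, f"{g.kind} may not contain {m.kind}"))
            elif where == "same" and m.domain != g.domain:
                findings.append((g.name, m.name, f"{m.kind} must be from same domain"))
    return findings

def usable_on(group, resource_domain):
    """Domain local groups only grant access to resources in their own domain."""
    return group.kind != "domain_local" or group.domain == resource_domain

def sample_groups():
    """Constructed directory: two domains, one valid chain, two bad groups."""
    alice = Principal("alice", "corp.example", "user")
    bob = Principal("bob", "sales.example", "user")
    g_eng = Principal("G-Eng", "corp.example", "global", [alice])
    g_sales = Principal("G-Sales", "sales.example", "global", [bob])
    u_staff = Principal("U-Staff", "corp.example", "universal", [g_eng, g_sales])
    dl_share = Principal("DL-Share", "corp.example", "domain_local", [u_staff, bob])
    g_mixed = Principal("G-Mixed", "corp.example", "global", [bob, u_staff])
    dl_far = Principal("DL-Far", "sales.example", "domain_local", [dl_share])
    return [g_eng, g_sales, u_staff, dl_share, g_mixed, dl_far]

if __name__ == "__main__":
    for finding in audit(sample_groups()):
        print(finding)
```

In the sample data, the chain user, global group, universal group, domain local group passes, while the global group holding a foreign user and a universal group, and the domain local group nested across domains, are reported.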
Written by Dan DiNicolo
Entire site Copyright © 1999-2007 2000Trainers.com, all rights reserved.
Content on this site may not be copied or reproduced in any way without permission.


