Active Directory Groups
|
Rather Have Fast and Secure Remote
Control?
|
Group accounts have also changed in Windows 2000. Unlike NT 4 where we only found Global and Local groups, Windows 2000 includes new group types, scopes and abilities. Before we discuss these however, we need to take a look at something referred to as the ‘mode’ of a domain. By default, all domains are created in something called Mixed Mode. In this mode, NT 4 BDCs can still exist, and many of the rules associated with an NT 4 domain still apply. Once all domain controllers have been switched to Windows 2000, the domain can be switched into what is referred to as Native Mode. This is a one-way process. Note that even if you are not upgrading an NT 4 domain, a Windows 2000 domain is still automatically created in Mixed Mode, and the change to Native mode must be made before many of the new feature with respect to users and groups can be used.
Windows 2000 supports two types of groups. The first are very similar to groups in NT 4, and are referred to as Security groups. Quite simply, a security group has a SID, and as such can be part of a Discretionary Access Control List (DACL), the list of users and groups that have permissions to access a resource. The second type of group is called a Distribution group, and exists for the purposes of sending email messages to a group of users. This functionality largely exists for the purpose of Exchange 2000 integration. Distribution groups have no SID, and as such cannot be added to a DACL. You may be asking why it is necessary to make a distinction. The reason relates to what happens when a user logs on - a security token gets created that lists their SID, and the SIDs of the groups they are part of. The larger the number of security groups, the larger the security token for a user, and the longer it will take to log on. Distribution groups provide an easy and less resource-intensive way to be able to integrate messaging technologies with Active Directory.
Written by Dan DiNicolo - Visit WebsiteGo To Page: 1 2
Next post in Windows 2000:
Active Directory Computer Accounts
Next post in Active Directory:
Active Directory Computer Accounts
Next post in User Account:
Configuring User Profiles
Previous post in Windows 2000:
User Accounts in Active Directory
Previous post in Active Directory:
User Accounts in Active Directory
Previous post in User Account:
User Accounts in Active Directory
All Tutorials by Category:
- CCDA Study Guide
- CCNA Study Guide Chapter 01
- CCNA Study Guide Chapter 02
- CCNA Study Guide Chapter 03
- CCNA Study Guide Chapter 04
- CCNA Study Guide Chapter 05
- CCNA Study Guide Chapter 06
- CCNA Study Guide Chapter 07
- CCNA Study Guide Chapter 08
- CCNA Study Guide Chapter 09
- CCNA Study Guide Chapter 10
- CCNA Study Guide Chapter 11
- CCNA Study Guide Chapter 12
- Cognos
- Computer Hardware
A
C
D
E
F
G
H
I
L
M
N
Entire site Copyright © 1999-2007 2000Trainers.com, all rights reserved.
Content on this site may not be copied or reproduced in any way without permission.
