Friday, January 2, 2015

group basics

purpose - collect similar accounts


  • users
  • computers
  • other groups (nesting)


no relation to OUs - can't assign security to them

group types

  • distribution - for email purposes
  • security 


group scope -



default groups - http//cbt.gg/R4QGCU

special groups - http://cbt.gg/P54rXp


powershell commands









Domain local group
- useful in grouping global users from the same domain or external domain and grant access to a share.



Universal group

- useful in grouping global groups from domains within a forest (not external trust).  Universal group then assigned to domain local group of each domain.  As more child domains are added it has less complexity.



conversion of group scope and type needs to adhere to the membership rules.
group scope of global, universal, domain local can be converted.
group type security or distribution can be converted too

if group contain invalid group membership, the conversion fails.

for example, if a universal group contain, domain local group from another domain, conversion to global group is not possible since global group can contain global groups from the same domain.




No comments:

Post a Comment