- users
- computers
- other groups (nesting)
no relation to OUs - can't assign security to them
group types
- distribution - for email purposes
- security
group scope -
default groups - http//cbt.gg/R4QGCU
special groups - http://cbt.gg/P54rXp
powershell commands
Domain local group
- useful in grouping global users from the same domain or external domain and grant access to a share.
Universal group
- useful in grouping global groups from domains within a forest (not external trust). Universal group then assigned to domain local group of each domain. As more child domains are added it has less complexity.
conversion of group scope and type needs to adhere to the membership rules.
group scope of global, universal, domain local can be converted.
group type security or distribution can be converted too
if group contain invalid group membership, the conversion fails.
for example, if a universal group contain, domain local group from another domain, conversion to global group is not possible since global group can contain global groups from the same domain.
No comments:
Post a Comment