1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AD Groups & Use

Discussion in 'Windows Server 2003 / 2008 / 2012 / 2016' started by Tegal, Aug 8, 2009.

  1. Tegal

    Tegal Bit Poster

    Maybe it's just because it's late at night, but I'm struggling to get my head around the subtleties of AD Groups.

    There are 3 types of group - Domain Local, Global and Universal

    The Universal Group are forest wide, it can contain global groups, users & computers. Am aware of the domain functional levels for this group to exist.

    The Global Group seems to be primarily a sorter - global groups, users & computers. Typically users/computers added to this group e.g. departmental.

    Then you have domain local groups - primarily used for setting permissions. MS book says that DL groups "can not be used for permission assignment on any servers in the domain other than DC's".

    So if you have a file server that is not a DC, you can't put a global group in a DL group and set permissions via the DL? You would have to set permissions directly for the global group?
    Certifications: BEng, MCP

Share This Page