Chapter 7. Groups
Introduction
A group is a simple concept that has been used in many different types of standalone and networked systems over the years. In generic terms, a group is just a collection of objects. Groups are often used to apply security in an efficient manner, where you create a collection of users and assign certain permissions or rights to that group, rather than to each individual user within the group. When applying security settings, it’s much easier to use a group than to use individual users, because you only need to apply the security setting once per group instead of once per user. In addition, groups are also frequently used to send email messages to an entire group of users at once rather than requiring the sender to address each person individually.
In Active Directory, groups are flexible objects that can contain
virtually any other type of object as a member, although they’ll generally
contain only users, inetOrgPerson
s,
computers, and other groups. Active Directory groups can be used for many
different purposes, including controlling access to resources, defining a
filter for the application of group policies, and serving as an email
distribution list.
The ways in which a group can be used in an Active Directory forest are defined by the group’s scope and type. The type of a group can be either security or distribution. Security groups can be used to grant or restrict access to Windows resources, whereas distribution groups can be used only as a simple ...
Get Active Directory Cookbook, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.