Using Groups to Manage Active Directory Objects

It is nearly always a good practice to aggregate users into groups based on common business functions or operational roles. Not only are groups easier to manage, but you also get a distinct performance improvement by using groups rather than individual users to control object security. It takes much longer to examine an access control list (ACL) with 3000 users on it than it does to check for a single SID that represents a group with 3000 members.

Properly creating and managing groups, then, is a critical task in Windows Server 2003. This section describes each group type and gives guidelines for when to use each one. It also has step-by-step scenarios describing how the system uses group ...
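To find where the practice above is not being followed, the script below lists the explicit ACEs under a folder tree that are granted directly to user accounts rather than to groups. It is an added example, not code from the book; it assumes a management host with the RSAT ActiveDirectory module, and the `$Root` path and the `Get-PrincipalClass` helper are hypothetical names.

```powershell
# Added example: report explicit ACEs that name a user account instead of a group.
param(
    [string]$Root = 'D:\Shares\Finance'   # hypothetical path; replace with your own
)

Import-Module ActiveDirectory

$cache = @{}   # SID string -> objectClass, so each principal is looked up only once

function Get-PrincipalClass {
    param([string]$Sid)
    if (-not $cache.ContainsKey($Sid)) {
        # Well-known and local SIDs are not in the directory; record them as 'other'.
        $obj = Get-ADObject -Filter "objectSid -eq '$Sid'" -ErrorAction SilentlyContinue
        $cache[$Sid] = if ($obj) { $obj.ObjectClass } else { 'other' }
    }
    $cache[$Sid]
}

$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)

$report = foreach ($folder in $folders) {
    $acl = Get-Acl -LiteralPath $folder.FullName
    # Explicit ACEs only: an inherited entry is reported once, at the folder where it is set.
    foreach ($ace in ($acl.Access | Where-Object { -not $_.IsInherited })) {
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            # Account name no longer resolves; keep the reference as written in the ACL.
            $sid = $ace.IdentityReference.Value
        }
        if ((Get-PrincipalClass $sid) -eq 'user') {
            [pscustomobject]@{
                Path    = $folder.FullName
                Account = $ace.IdentityReference.Value
                Type    = $ace.AccessControlType
                Rights  = $ace.FileSystemRights
            }
        }
    }
}

# Folders with the most per-user entries are the first candidates for a group.
$report | Group-Object Path | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
$report | Sort-Object Path, Account | Format-Table -AutoSize
```

Each account in the second table is a candidate for membership in a group that carries the same rights, after which the per-user ACE can be removed.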
