Group scope helps define the operational boundaries of a group within the AD forest. There are three predefined scopes to choose from when creating AD groups:
- Domain local: Domain local groups can be used to manage privileges to resources in a single domain. This doesn't mean that the group can only have members within the same domain. It can have the following types as members as well:
  - User accounts from any trusted domain
  - Computer accounts from any trusted domain
  - Universal groups from any trusted forest
  - Domain local groups from the same domain
  - Global groups from any trusted domain

  Domain local group objects and their membership data will be replicated to every domain controller in the same domain.
- Global: Global groups can be used ...