Groups

Two basic group types are available in the Active Directory: security and distribution. Because distribution groups are used primarily by email and are not used for access control, let's focus on security groups.

Security groups are used to centralize access to objects. If a security group has an access permission and a user is a member of that group, he inherits that permission. This is a function of virtually every modern operating system and greatly reduces the amount of time spent managing permissions. Three group scopes exist in Active Directory—domain local, global, and universal.

See "Groups."

Native Versus Mixed Mode

Group behavior differs based on whether the domain is in native or mixed mode. When a domain is created or upgraded, ...

Get Special Edition Using Microsoft Active Directory now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.