October 24, 2010

Understanding Active Directory Groups

In Active Directory there are two types of groups and three group scopes. Why so many? Let's find out...
First off an Active Directory group is a collection of Active Directory objects. An Active Directory object can be a user account, computer account, contact, etc.


The two types of groups are Security and Distribution.
  • Security groups are used to grant or deny access to resources on the network.
  • Distribution groups are used to send email to a list of contacts. They cannot be used in place of Security groups.
The three types of scopes are Domain Local, Global, and Universal.
  • Domain Local groups are used to grant members access to resources only in the same domain to which they are members.
  • Global group members are in the same domain as the group and can be granted access to resources in other domains.
  • Universal group members come from any domain and access resources in any domain.
NewGroup