Groups

Groups: Are two types

1. Security
2. Distribution

Groups are useful for setting common privileges or type of access to a group of users.

Security Groups:

These are used for setting permissions on the objects (printer, data) it can also be used as a distribution groups.
This can also be used for maintaining distribution list

Distribution group: 

Do not provide security, used for e-mails.

Group scope:

Identifies the extent of the group within in a domain or a forest.

1. Domain Local Group: all builtin class groups
2. Global Groups: domain user, domain admins, domain guests, domain computers.
3. Universal groups: schema admins, enterprise administrators.

Domain Local Groups:

DLG pertains to the domain and it is a powerful group used for setting permissions a DLG can contain user a/cs, global groups, it cannot contain DLG.

Group scope: 

DLG used for setting permission on resources
GG: used for organizing the users.
UG: used for or organizing the users, groups from more than one domain.

Creating Groups: 

On DC
Open ADUC
Create users like s1, s2, s3, a1, a2, a3, t1, t2, t3 and m1, m2, m3
Right click on the user
Create 4 groups (sales, account, technical, marketing)

Adding users to a group: 

double click a group

Click on members and add the users

Creating a DLG:

Right click on users
New- group name – select domain local

Adding users to DLG
Double click the DLG we’ve created
Add the users

Creating universal groups:

By default UGs are not available because the O.S. runs in mixed mode. In order to enable UGs. We’ve to raise the domain functional level to native mode.

Raising domain functional level:

Open ADUC
Right click on domain
Raise domain F.L.
Select windows 2000 native raise

Creating a universal group

Right click on users class
New – group – name – select universal – ok