Active Directory Group Scopes (MCP Series)

Local Groups

Local Groups are used to assign premissions to resources on a local computer. Members can be added from any other trusted location including the local domain and any other trusted domains or forests.

Domain Local Groups

Domain Local Groups are used to assign permission to resources in the local domain. Members can be added from any other trusted location. Domain Local Groups are often used to assign permissions.

Domain Local groups can be converted into a Universal Group provided no other Domain Local groups are a member of this Domain Local Group.

Global Groups

Global Groups are used to assign permissions to resources in any domain within the forest. Members can be added from the same domain as the parent Global Group or from the domain of which the group is a member if it has no parent Global Group.

Global Groups can be converted into Universal Groups provided it is not a member of any other Global Group.

Universal Groups

Universal Groups are used to assign permissions to any resource in any domain or forest. Universal Groups can contain members from any domain within the forest and can also include Global Groups from the same domain as the Universal Group resides.

Universal Groups can be converted into Domain Local groups. Universal Groups can also be converted into Global Groups provided no other Universal Groups exist as members of this group.

Popular posts from this blog

Get local computer UUID/GUID using Windows Powershell

Use the following syntax to get the local computer's UUID/GUID using Windows Powershell: get-wmiobject Win32_ComputerSystemProduct  | Select-Object -ExpandProperty UUID Add -computername after the WMI class to find a remote computer's UUID, example: get-wmiobject Win32_ComputerSystemProduct -computername RANTPC | Select-Object -ExpandProperty UUID
Read more

gPLink and gPOptions

gPLink is a property for sites, domains and organisational units that contains a prioritised list of GPOs linked to the node. gPOptions is a property that contains all Block Policy Inheritance settings for the node. To manage GPO links on a node, you must have read and write access to the gPLink and gPOptions properties.
Read more

PSLoggedOn Getting Started on Windows Server 2008 R2

Image
PSLoggedOn is a tool I downloaded to allow me to find out which computers a user is currently logged on to. Getting it up and running wasn’t exactly easy. I’m running a Windows Server 2008 R2 test environment. The first error I encountered was: Error browing network: The list of servers for this workgroup is not currently available. Note: I kept the spelling mistake from the error message to make it easier to find via search engines. To get past this error, you have to enable and start the “Computer Browser” service. Then I started getting the error telling me that the Administrator is not logged on. That’s simply not true because I am logged onto another server (Name: ELARA): I turned the firewall OFF OFF OFF (It is a test network after all). I enabled Network Discovery and to do that I went on a service starting frenzy: DNS Client, Function Discovery Resource Publication, SSDP Discovery, and UPnP Device Host, Computer Browser After all that, I ran the script against the se
Read more