Domain Local, Global and Universal Groups
11 years 11 months ago - 11 years 11 months ago #38187
by truesdq
simplest
Domain Local, Global and Universal Groups was created by truesdq
I am asking about Domain Local, Global and Universal groups. Although
I found definitions like: Domain Local has access to the local domain (somewhere else:
everywhere in domains in the same forest), and a Global group can access everywhere in every domain in the forest,
and a Universal group everywhere in domains in the same and other (trusted) forests, and is replicated to the Global Catalog
as well... both Global and Universal groups can be added to Domain Local but not to a Global group, and Global can be added to Universal,
but I still can't get what it means.
Why do we need to add Global or Universal groups to Domain Local to access some resource, although we can add both
these groups directly? This is very confusing stuff for me. Please, can anyone explain with examples, to get the idea?
Where are the AGDLP and AUGDLP strategies based on these?
Thanks in advance
Last edit: 11 years 11 months ago by truesdq.
11 years 10 months ago #38205
by Nevins
Useful Threads
================================
www.firewall.cx/forum/2-basic-concepts/3...e-resource-page.html
Replied by Nevins on topic Re: Domain Local, Global and Universal Groups
Don't overthink it.
Active Directory is basically just a tiered system which allows you to group users and cluster groups of users while dictating their usage policies.
Here is a good intro video to Active Directory (38 minutes long)
The idea of this system is that users can be assigned permissions based on their roles with efficient grouping. AGDLP and AGUDLP are simply methods of assigning permissions.
AGDLP
AGUDLP
en.wikipedia.org/wiki/AGDLP
To put it simply:
AGDLP stands for: account, global, domain local, permission
AGUDLP stands for: account, global, universal, domain local, permission
What these strategies do is allow or deny users access and permissions to objects.
With AGDLP, accounts are put in global groups and assigned to domain local groups, which are applied to permissions associated with an object.
ACCOUNT---> GLOBAL GROUP----> DOMAIN LOCAL GROUP----> PERMISSION TO OBJECT
So, with a quick example: a printer is an object and your account needs access to the printer. You are then placed in a global group of the people in your office, which has access to that printer, nested inside a domain local group.
With AGUDLP, universal groups are added. The job of a universal group is to exist among all domains, allowing global groups to be combined from different domains. Basically, universal groups are just group clusters.
An example in this case: a printer is an object and your account needs access to the printer. You are then placed in a global group of the people in your office, which has access to that printer, nested inside a universal group and a domain local group. Typically, your global group will share the universal group with other people who need the printer but don't exist in the same domain.
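The AGDLP and AGUDLP chains described in the reply above, as an added example that is not part of the original thread. It uses the ActiveDirectory PowerShell module; the group names, OU, domain names, accounts and folder path are all hypothetical, and a shared folder stands in for the printer so that the permission step is visible. It ends with two checks: who actually gets access through the nesting, and which explicit ACL entries bypass the domain local group.

```powershell
# Added example: every name, OU, domain and path below is an assumption.
Import-Module ActiveDirectory

$ou          = 'OU=Groups,DC=corp,DC=example'   # assumed OU for the groups
$folder      = 'D:\Shares\Office'               # assumed resource (stands in for the printer)
$crossDomain = $true                            # $true = AGUDLP, $false = AGDLP

# A -> G: a global group collects accounts from its own domain (a role)
New-ADGroup -Name 'G_Office_Staff' -GroupScope Global -GroupCategory Security -Path $ou
Add-ADGroupMember -Identity 'G_Office_Staff' -Members 'alice', 'bob'

# DL: a domain local group in the resource's domain stands for one permission
New-ADGroup -Name 'DL_OfficeShare_Read' -GroupScope DomainLocal -GroupCategory Security -Path $ou

if ($crossDomain) {
    # G -> U -> DL: the universal group combines global groups from several domains
    New-ADGroup -Name 'U_Office_Staff' -GroupScope Universal -GroupCategory Security -Path $ou
    Add-ADGroupMember -Identity 'U_Office_Staff' -Members 'G_Office_Staff'
    # A group from another domain is passed as an object fetched from that domain
    $remote = Get-ADGroup -Identity 'G_Branch_Staff' -Server 'branch.corp.example'
    Add-ADGroupMember -Identity 'U_Office_Staff' -Members $remote
    Add-ADGroupMember -Identity 'DL_OfficeShare_Read' -Members 'U_Office_Staff'
} else {
    # G -> DL
    Add-ADGroupMember -Identity 'DL_OfficeShare_Read' -Members 'G_Office_Staff'
}

# DL -> P: the resource ACL names only the domain local group
$acl  = Get-Acl -Path $folder
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    'CORP\DL_OfficeShare_Read', 'ReadAndExecute',
    'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Check 1: accounts that end up with access through the nesting
Get-ADGroupMember -Identity 'DL_OfficeShare_Read' -Recursive |
    Select-Object SamAccountName, distinguishedName

# Check 2: explicit ACL entries that do not go through a DL_ group
(Get-Acl -Path $folder).Access |
    Where-Object { -not $_.IsInherited -and $_.IdentityReference -notlike '*\DL_*' } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```

Because the ACL names only the domain local group, later membership changes are made in the global or universal groups and the resource's ACL is not edited again.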