Presentation is loading. Please wait.

Presentation is loading. Please wait.

Active Directory Groups

Published byChastity Gallagher Modified over 6 years ago

Similar presentations

Presentation on theme: "Active Directory Groups"— Presentation transcript:

1 Active Directory Groups
3.4 Manage Active Directory Objects Active Directory Groups TestOut Server Pro 2016: Identity

2 Section Skill Overview
Enumerate group membership. TestOut Server Pro 2016: Identity

3 Key Terms Distribution Groups TestOut Server Pro 2016: Identity

4 Key Definitions Distribution Groups: A distribution group is used to maintain a list of users and is typically used for sending s to all group members. Distribution groups cannot be used for assigning permissions. TestOut Server Pro 2016: Identity

5 Why Use Groups Organizational Units: Groups provide security options:
Facilitate delegation of control Aid with Group Policy Do not provide security Groups provide security options: Can be used to grant rights TestOut Server Pro 2016: Identity

6 Group Types Distribution: Security: Can only be use by applications.
Cannot be used for security. Security: Can be used for distribution and security. TestOut Server Pro 2016: Identity

7 Group Types Group Type Used Contains Purpose Local Local Workstation
Local Users (Forest*) Rights and Permissions Domain Local Domain Forest Global Users and Computers Universal * In a domain, local groups can contain groups from anywhere in the forest. But in practice they will contain global groups from their own domain. TestOut Server Pro 2016: Identity

8 Local Groups To assign rights on a member server or a workstation, add account to a Local group. Local groups exist in the SAM. Domain controllers do not have local groups. DCs share the same set of Domain Local Groups. Users added to a Domain Local Group on a domain controller have rights on all domain controllers. TestOut Server Pro 2016: Identity

9 Groups Best Practice HR
Use group nesting (adding one group to another group). Nested groups obtain all rights assigned to the parent group. The parent group do not inherit rights specifically given to its nested group. HR Rights: A, B, C Tech Inherits Rights: A, B, C Rights: E, F Not Inherited TestOut Server Pro 2016: Identity

10 Groups Best Practice Accounts Global group Universal groups
Use groups to strategically to provide maximum flexibility. Use A G U DL P when nesting groups. Domain Local Accounts Global group Universal groups Permissions assigned to DL Domain Local group Assign Permissions Universal Global TestOut Server Pro 2016: Identity

11 Groups Best Practice Example
SalesStats SalesData_Modify_DL SalesData_Read_DL SalesReports FS1 SalesSchedules SalesManagers_G SalesData_Modify_DL Rights assigned CorpNet.com SalesPeople_G SalesData_Read_DL TestOut Server Pro 2016: Identity

12 Groups Best Practice Example
FS1 SalesStats SalesReports SalesSchedules SalesData_Read_DL SalesData_Modify_DL SalesManagers_G SalesPlans SalesContracts SalesRead_DL SalesModify_DL SalesExecs_G East.CorpNet.com CorpNet.com FS2 TestOut Server Pro 2016: Identity

13 Groups Best Practice Example
FS1 SalesStats SalesReports SalesSchedules SalesData_Read_DL SalesData_Modify_DL CorpNet.com SalesData_Modify_DL SalesManagers_U SalesManagers_G SalesStats SalesReports SalesSchedules SalesData_Read_DL SalesData_Modify_DL West.CorpNet.com FS3 SalesManagers_G FS2 SalesPlans SalesContracts SalesStatistics SalesRead_DL SalesModify_DL East.CorpNet.com SalesDataModify_DL SalesExecs_G TestOut Server Pro 2016: Identity

14 Converting Group Types
To convert between group types, first change to Universal Domain local to Global example 1 2 3 2 Open the group properties Select Universal and click Apply Select Global and click Apply TestOut Server Pro 2016: Identity

15 In-Class Practice Do the following labs:
3.4.8 Implement a Group Strategy TestOut Server Pro 2016: Identity

16 Class Discussion Which PowerShell commands can you use to manage groups? TestOut Server Pro 2016: Identity

Download ppt "Active Directory Groups"

Similar presentations

Managing User, Computer and Group Accounts

Managing User, Computer and Group Accounts
Windows Server 2003 使用者群組管理 林寶森

Windows Server 2003 使用者群組管理 林寶森
Module 4: Implementing User, Group, and Computer Accounts

Module 4: Implementing User, Group, and Computer Accounts
11 WORKING WITH GROUPS Chapter 7. Chapter 7: WORKING WITH GROUPS2 CHAPTER OVERVIEW  Understand the functions of groups and how to use them.  Understand.

11 WORKING WITH GROUPS Chapter 7. Chapter 7: WORKING WITH GROUPS2 CHAPTER OVERVIEW  Understand the functions of groups and how to use them.  Understand.
6.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Administering Active Directory

Administering Active Directory
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
© Wiley Inc. 2006. All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.

© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.
Chapter 7 WORKING WITH GROUPS.

Chapter 7 WORKING WITH GROUPS.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
Guide to MCSE 70-290, Enhanced 1 Activity 4-1: Creating and Adding Members to Global Groups Objective: Use Active Directory Users and Computers to create.

Guide to MCSE , Enhanced 1 Activity 4-1: Creating and Adding Members to Global Groups Objective: Use Active Directory Users and Computers to create.
Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation.

Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation.
1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.

1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.
Managing Active Directory Domain Services Objects

Managing Active Directory Domain Services Objects
Chapter 7: WORKING WITH GROUPS

Chapter 7: WORKING WITH GROUPS

Similar presentations

Ads by Google