Welcome to the 16th installment of Learn Active Directory Design and Administration in 15 Minutes a Week, a weekly series aimed at current IT professionals preparing to write the new Windows Active Directory Design and Administration exams (70-219 and 70-217 respectively), as well as newcomers to the field who are trying to get a solid grasp on this new and emerging directory service from Microsoft. This installment begins the more detailed discussion of the Windows 2000 Active Directory Single Masters of Operation, and this particular article begins a more detailed discussion of the Windows 2000 Active Directory Groups.
Active Directory Groups
Jason Zandri’s latest article in the ‘Learn Active Directory Design and Administration in 15 Minutes a Week’ series begins a more detailed discussion of the Windows 2000 Active Directory Groups.
There are two main groups in Active Directory: Distribution Groups and Security Groups.
are used to gather a specific set of users for non-security-related
functions. Sending e-mail messages to a distribution group
is the primary example of this. You cannot use distribution
groups to assign rights and permissions. That is the
function of a
are used to gather a specific set of users for the specific
reason of assigning access rights and permissions via the
group rather than individually to each user object.
Directory uses a subset of both of these groups, as outlined
Security Domain local groups
are where permissions are set to grant user access to network
resources, such as files, folders, or printers in a single
Distribution Domain local
allow the non-security-related function (e.g., e-mail)
for group members of the single domain.