Active Directory is a network directory created by Microsoft. It is mainly used for the Windows domain servers and systems. Like all other directories, Active Directory also follows a hierarchy of security groups. They are as follows:
Domain - A collection of security principals that share a central database (in this case, the active directory). It is a set of rules of authentication by which each entity will be identified by.
- Universal Groups - Mostly used to grant permissions to multiple domains for the usage of resources in a Forest. They can:
- Can allow members from any domain in the Forest
- Can add Global groups of any domain from the same Forest as the Universal Group
- Can allow other Universal Groups of the same Forest. (meaning, a Universal group can give permissions to another universal group, as a whole. But the other Universal group must belong to the same Forest)
- Can be converted to
- domain local or
- Global group (as long as its not a member of another Universal Group)
- Global Groups - Allows management of users within the same domain.
- Can grant permissions to users of the same 'Parent Group'
- Can add Global groups of the same domain as the same 'Parent group'
- Can be converted to an Universal group as long as it not a member of another Global Group
- Local Groups -Allows management of resources on a computer.
- Domain Local: this can be created on a domain controller.
- Cannot be members of any other group
- Can grant permission to users, Global groups and Universal groups of ANY DOMAIN from the Same Forest.
- Can be converted to an Universal Group (as long as no other domain local groups exist as members)
- Machine Local : security scope is limited to that machine. Can include any user/group from the same Forest.
Domain - A collection of security principals that share a central database (in this case, the active directory). It is a set of rules of authentication by which each entity will be identified by.
To understand them better you can view the whole security groups as a Venn Diagram. Think of the Forest as the Universal Set, and everything will fall in place.
No comments:
Post a Comment