Networkedminds

Where Networked Focused Minds Meet!

70-410 Objective 5.3 – Group Scope and Nesting Groups on Windows Server 2012 R2

by · February 12, 2016

NetworkedMindsFri, February 12, 2016 9:00am

In this video for Objective 5.3 Creating and Managing Groups and Organizational units, we will look at group scope and nesting of groups. Group Scope is defined with two characteristics, the first is the availability of the group. The second is what it can be a member of and which type of groups can use it. A table of these characteristics can be found here https://technet.microsoft.com/en-us/library/cc755692(v=ws.10).aspx. A blended strategy of using the proper group scope and the nesting of groups, will allow for the most flexibility of assignment of permissions. For example, when creating permissions we usually only use one group. We assign users to that group and then the permissions onto the resource. However, when a particular user does not fit into the model we’ve created we add that one user to the resource. This is completely wrong and it’s the reason we should use the model of AGDLP or AGUDLP. AGDLP is Accounts are added to a Global Group, the Global Group is added to the Domain Local Group and the Domain Local Group is assigned Permissions. An alternate approach is AGUDLP which is: Accounts are added to a Global Group, the Global Group is added to a Universal Group, the Universal Group is added to the Domain Local Group and the Domain Local Group is assigned Permissions. The second approach is best used in large multi domain forests, where the first approach should be used in single domain forests or multi domain forests.

Introduction – 0:10

Machine Local Groups – 0:22

Creating a Machine Local Group – 0:55

Explanation of the lab setup – 1:52

Creating a Domain Local Group under Contoso.com – 2:20

Example of a Domain Local Group’s availability in another domain – 3:20

Creating a Global Group under Contoso.com – 4:29

Example of a Global Group’s availability in another domain – 4:50

Example of using AGDLP nesting – 5:18

Recap of the AGDLP nesting and bringing it all together – 8:05

Example of using AGUDLP nesting – 9:25

Examining the Machine Local Group – 11:59

You may also like...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.