Notes to prepare for Active Directory Certification (70-294)__Part V

Administering Groups

**********************
A group is a collection of user accounts.

Two group types:
Security
Distribution
**********************
Windows Server 2003 uses only security groups.

A security group has all the capabilities of a distribution group.

Applications use distribution groups as lists for nonsecurity-related functions. Such as sending email messages to a group of users at the same time. Only programs that are designed to work with Active Directory can use distribution groups.
**********************
Group Scopes

When you create a group, you must select a group type and a group scope. There are four group scopes: local groups, domain local groups, global groups, and universal groups.

Universal groups are only available if your domain functional level is set to the Windows 2000 native domain functional level.
**********************
Default Groups

Windows Server 2003 has four categories of default groups:
Groups in the Buitin folder
Groups in the Users folder
Special identity groups
Default local groups
**********************
Windows Server 2003 bases special identity group membership on how the computer is accessed, not on who uses the computer.
**********************
The Everyone Group and the Anonymous User Group

In Windows Server 2003, the Anonymous Logon group is no longer a member of the Everyone group.
**********************
Implementing Groups

You can use universal groups to grant or deny access to resources that are located in more than one domain.
**********************
Group Nesting

Group nesting refers to placing one group in another, so that the group becomes a member of parent group.
**********************
Creating Groups

You can use Active Directory Users and Computers console in Administrative Tools or the dsadd commandline utility to create groups.

You can use the dsmod command-line utility to modify one or more existing groups.

**********************

No comments: