Objective 4.2: Plan Group Structure

 < Day Day Up > 



The manner in which groups are used in an Active Directory forest depends on the functional level of each domain. At some functional levels, such as Windows 2000 Mixed and Windows Server 2003 Interim, universal groups are not supported. Similarly, the functionality of global groups varies depending on the functional level of the domain. At the Windows Server 2003 functional level, global groups can contain other global groups from the same domain. Whenever possible, permissions should be assigned to groups rather than to individual users. The recommended technique for assigning permissions in forests is to add users in domains to global groups, add those global groups to forest-wide universal groups, and then add universal groups to domain local groups in which permissions should be applied. This makes the management of groups simpler and also reduces global catalog server replication traffic.



 < Day Day Up > 



MCSA(s)MCSE Self-Paced Training Kit Exam 70-299 (c) Implementing and Administering Security in a M[.  .. ]twork
MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a MicrosoftВ® Windows Server(TM) 2003 Network (Pro-Certification)
ISBN: 073562061X
EAN: 2147483647
Year: 2004
Pages: 217

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net