Machine local groups
This type of group can be created on a local computer. The security scope of this group is limited to this local machine. This group can include members that are Domain local groups, domain global groups and users within its domain and forest.
Domain local groups
This type of group can be created on a domain controller of its perspective domain. This group can only be used to assign permission on resources within the same domain. This group can include user accounts, universal groups, and global groups from any domain.
Domain global groups
This type of group can be created on a domain controller of its perspective domain. This group can be used to assign permission on resources in any trusted domain. This group can include user accounts, universal groups, and global groups from any domain.
Universal groups
This type of group can be created on a domain controller of its perspective domain that is running in mixed mode or higher. This group is known as “jack-of-all-trade” because it is used to assign permissions to resources in multiple domains. This group can include user accounts, universal groups, and global groups from any domain.
Not Satisfied ? Just search & get the result
Related posts:
- Security Principal Accounts in Server 2003 Active Directory
- Active Directory Security in Server 2003
- How to view the effective permissions granted to a security principal for an Active Directory object
- What is the difference between Active Directory Forest and Domain?
- Windows Server 2003 Active Directory Terminology and Concepts
