Thursday, 16 October, 2008 7:19 PMHello All,
I am studying for my MCSE. I am trying to make sure I grasp the latest chapter I am regarding groups and the explanation about domains. I do apologize if these are stupid questions bout i would appreciate any feed back that you can provide.
Domain Local, Universal, and Global Groups.
This is what i understand a domain to be.
A domain is basically a group of computer that is managed through active director and a forest is a group of domains and a tree is a group of forest.
A Global Group is a security or distribution group that can be used inside any domain within the forest.
A Universal Group is a security or Distribution is the same thing it sounds like so that is where I am having trouble.
A Domain Local is a security or distribution group that can only be used within its domain.
I understand what a security group and a distribution group is. Security group basically gives a user rights to do stuff on the network and u need global or universal group if that user wanted to lets say write a file to the N drive that happens to be in another office which was in the same forest but in a different domain. Distribution just has to do with a users email I take it.
Is this a pretty good understanding of what is going on if now i would appreciate any kind of help to better get a grasp on this stuff.
- Edited by Centaur63 Thursday, 16 October, 2008 7:21 PM
Friday, 17 October, 2008 5:57 AMYou have mixed up your trees and forests. And a bit more. =)
A domain can have, not just computers, but different types of objects as well. Basically, a domain is a collection of objects sharing a common directory database (active directory), share the same namespace, and defined security policies and relationships. An example of a domain is microsoft.com.
A tree, on the other hand, is a group of domains connected together through transitive, bidirectional trust, sharing a common schema, configuration, global catalog and a contiguous namespace. The technet.microsoft.com, msdn.microsoft.com and microsoft.com domains form a domain tree (technet.microsoft.com and msdn.microsoft.com being child domains of microsoft.com).
A forest is a group of one or more Active Directory trees that trust each other (transitive bidirectional trust relationships) and sharing a common schema. When a forest is comprised by multiple trees, the trees do not share a contiguous namespace. For example, the domain tree microsoft.com and msn.com may not share the same contiguous namespace but are in the same forest as they share the same schema and have established trust relationships.
On the topic of users and groups, the following Technet articles should provide you with a clear understanding of the scopes, types and their differences:
Understanding User and Group Accounts:
Salvador Manaois III
MCSE MCSA CEH MCITP | Enterprise/Server Admin
Bytes & Badz : http://badzmanaois.blogspot.com
- Marked As Answer by Michael D. AlligoodModerator Monday, 20 October, 2008 12:43 AM
Friday, 17 October, 2008 11:39 AMThanks alot for your help