Group scope: Universal

Group can include as members:

  • Accounts from any domain within the forest in which this Universal Group resides
  • Global groups from any domain within the forest in which this Universal Group resides
  • Universal groups from any domain within the forest in which this Universal Group resides

Group can be assigned permissions in:

  • Any domain or forest

Group scope can be converted to:

  • Domain local
  • Global (as long as no other universal groups exist as members)

Group scope: Global

Group can include as members:

  • Accounts from the same domain as the parent global group
  • Global groups from the same domain as the parent global group

Group can be assigned permissions in:

  • Member permissions can be assigned in any domain

Group scope can be converted to:

  • Universal (as long as it is not a member of any other global groups)

Group scope: Domain local

Group can include as members:

  • Accounts from any domain
  • Global groups from any domain
  • Universal groups from any domain
  • Domain local groups but only from the same domain as the parent domain local group

Group can be assigned permissions in:

  • Member permissions can be assigned only within the same domain as the parent domain local group

Group scope can be converted to:

  • Universal (as long as no other domain local groups exist as members)
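The membership and conversion rules above can be checked mechanically when reviewing group nesting. The following is an added example, not code from the referenced Microsoft page: the `Principal` class, the function names and the `corp.example` domains are hypothetical, and the sample directory is constructed for illustration.

```python
from dataclasses import dataclass, field
@dataclass
class Principal:
    name: str
    kind: str    # "account", "global", "universal" or "domain_local"
    domain: str
    forest: str
    members: list = field(default_factory=list)    # direct members
    member_of: list = field(default_factory=list)  # groups this one belongs to

def can_contain(parent, member):
    """True if the table allows `member` as a direct member of `parent`."""
    same_domain = member.domain == parent.domain
    same_forest = member.forest == parent.forest
    if parent.kind == "universal":
        return member.kind in ("account", "global", "universal") and same_forest
    if parent.kind == "global":
        return member.kind in ("account", "global") and same_domain
    if parent.kind == "domain_local":
        if member.kind == "domain_local":
            return same_domain
        return member.kind in ("account", "global", "universal")
    return False  # accounts have no members

def can_convert(group, target):
    """True if the table allows converting `group` to scope `target`."""
    change = (group.kind, target)
    if change == ("universal", "domain_local"):
        return True
    if change == ("universal", "global"):
        return not any(m.kind == "universal" for m in group.members)
    if change == ("global", "universal"):
        return not any(g.kind == "global" for g in group.member_of)
    if change == ("domain_local", "universal"):
        return not any(m.kind == "domain_local" for m in group.members)
    return False  # no other conversion appears in the table

def audit(groups):
    """Return (parent, member) name pairs that break the membership rules."""
    return [(g.name, m.name) for g in groups for m in g.members
            if not can_contain(g, m)]

# Constructed sample directory: one forest, two domains.
F = "corp.example"
alice = Principal("alice", "account", "eu.corp.example", F)
bob = Principal("bob", "account", "us.corp.example", F)
eu_staff = Principal("EU-Staff", "global", "eu.corp.example", F, [alice, bob])
all_staff = Principal("All-Staff", "universal", "eu.corp.example", F, [eu_staff])
share_rw = Principal("Share-RW", "domain_local", "us.corp.example", F, [all_staff])
```

Running `audit([eu_staff, all_staff, share_rw])` flags only the account from the other domain placed in the global group; the global-to-universal-to-domain-local chain passes.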

 

 

http://technet.microsoft.com/en-us/library/cc755692%28WS.10%29.aspx