Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Domain Local, Global and Universal Groups

Domain Local, Global and Universal Groups 4 years 1 week ago #38187

  • truesdq
  • truesdq's Avatar
  • Offline
  • Distinguished Member
  • I am simple and have friendly nature
  • Posts: 88
  • Thank you received: 2
  • Karma: 1
:huh: i am asking about Domain Local , Global and universal Group Although
i found Definition like Domain local has Access to local domain ( some where Else
everywhere in Domains in same Forest) and Global Group can access everywhere in every domain in forest
and universal Group in everywhere in domains in same and other Forest (trusted) and replicated to Global Catalog
as well... both Global and universal groups can add to Domain Local but not to Global Group and Global can add to universal
but i can't still get what does it mean?
Why we need to add Global OR universal Groups to Domain local for access some resourse Although we can add directly Both
these GROUPs .....these very Confused Stuff for me.....Please any1 can Explain with Examples ,,, to get the idea...
Where AGDLP and AUGDLP strategies based on these :sick:
Thanks in Advance
simplest
Last Edit: 4 years 1 week ago by truesdq.
The administrator has disabled public write access.

Re: Domain Local, Global and Universal Groups 3 years 10 months ago #38205

  • Nevins
  • Nevins's Avatar
  • Offline
  • Expert Member
  • Posts: 438
  • Thank you received: 9
  • Karma: 4
Don't over think it.

Active Directory is basically just a tiered system which allows you to group users and cluster groups of users while dictating their usage policies.

Here is a good intro video to Active Directory (38 minutes long)




The idea of this system is that users can be assigned permissions based on their roles with efficient grouping. AGDLP and AUCDLP are simply methods of assigning permissions.

AGDLP

AUCDLP



en.wikipedia.org/wiki/AGDLP



To put it simply

AGDLP stands for :account, global, domain local, permission
AGUDLP stands for: account, global, universal, domain local, permission

What these strategies do is allow or deny users access and permissions to objects.

With AGDLP accounts are put in global groups and assigned to domain local groups which are applied to permissions associated to an object.

ACCOUNT---> GLOBAL GROUP----> DOMAIN LOCAL GROUP----> PERMISSION TO OBJECT

So with a quick example a printer is an object, your account needs access to the printer, you are then placed in a global group of the people in your office which has access to that printer nested inside a domain local group.

With AGUDLP universal groups are added. The job of a universal group is to exist among all domains allowing global groups to be combined from different domains. Basically universal groups are just group clusters.

An example in this case a printer is an object, your account needs access to the printer, you are then placed in a global group of the people in your office which has access to that printer nested inside universal group and a domain local group. Typically your global group will share the universal group with other people who need the printer but don't exist in the same domain.
Useful Threads
================================
www.firewall.cx/forum/2-basic-concepts/3...e-resource-page.html
The administrator has disabled public write access.

Re: Domain Local, Global and Universal Groups 3 years 8 months ago #38232

  • truesdq
  • truesdq's Avatar
  • Offline
  • Distinguished Member
  • I am simple and have friendly nature
  • Posts: 88
  • Thank you received: 2
  • Karma: 1
:side: Thanks Nevins for telling and sharing Videos
simplest
The administrator has disabled public write access.
Time to create page: 0.076 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup