TOPIC:

i am asking about Domain Local , Global and universal Group Although
i found Definition like Domain local has Access to local domain ( some where Else
everywhere in Domains in same Forest) and Global Group can access everywhere in every domain in forest
and universal Group in everywhere in domains in same and other Forest (trusted) and replicated to Global Catalog
as well... both Global and universal groups can add to Domain Local but not to Global Group and Global can add to universal
but i can't still get what does it mean?
Why we need to add Global OR universal Groups to Domain local for access some resourse Although we can add directly Both
these GROUPs .....these very Confused Stuff for me.....Please any1 can Explain with Examples ,,, to get the idea...
Where AGDLP and AUGDLP strategies based on these
Thanks in Advance

Don't over think it.

Active Directory is basically just a tiered system which allows you to group users and cluster groups of users while dictating their usage policies.

Here is a good intro video to Active Directory (38 minutes long)




The idea of this system is that users can be assigned permissions based on their roles with efficient grouping. AGDLP and AUCDLP are simply methods of assigning permissions.

AGDLP

AUCDLP



en.wikipedia.org/wiki/AGDLP



To put it simply

AGDLP stands for :account, global, domain local, permission
AGUDLP stands for: account, global, universal, domain local, permission

What these strategies do is allow or deny users access and permissions to objects.

With AGDLP accounts are put in global groups and assigned to domain local groups which are applied to permissions associated to an object.

ACCOUNT---> GLOBAL GROUP----> DOMAIN LOCAL GROUP----> PERMISSION TO OBJECT

So with a quick example a printer is an object, your account needs access to the printer, you are then placed in a global group of the people in your office which has access to that printer nested inside a domain local group.

With AGUDLP universal groups are added. The job of a universal group is to exist among all domains allowing global groups to be combined from different domains. Basically universal groups are just group clusters.

An example in this case a printer is an object, your account needs access to the printer, you are then placed in a global group of the people in your office which has access to that printer nested inside universal group and a domain local group. Typically your global group will share the universal group with other people who need the printer but don't exist in the same domain.

Thanks Nevins for telling and sharing Videos