Administering Windows 2003 – MCSE 70-290
Group Scope
There are three types of groups in Windows Server 2003: Universal Scope, Global Scope, and Domain Local Scope.
Universal Scope groups can includes groups and accounts from any domain in the domain tree or forest and can be assigned permissions in any domain or forest. You can use Universal Scope groups to consolidate groups across multiple domains. For example, if you have Asia and US as two domains in your AD environment and have a global scope group, GMarketing, in each domain, you can create a UMarketing Universal Scope group which contains both of the GMarketing groups.
Universal Groups are replicated across domains, however, Global Groups inside them are not replicated. You should only use Universal Groups for groups that do not change frequently to decrease replication traffic.
Global group members can include other groups and user accounts only from the domain in which the group is defined and can be assigned permissions in any domain in the forest.
Global Groups should be used for most security functions. Global Scope groups will be your most commonly used group – containing users and computer accounts and using these groups for security access permissions. We recommend a common naming scheme among domains – for example if you have GOperations in your Asia domain, you should have the Operations group named GOperations in the US domain. Global groups do not replicate outside their own domain.
Domain Local groups include groups or accounts from Windows Server 2003, Windows 2000, or Windows NT domains and can be assigned permissions only within a domain. You can also use Domain Local groups for security access within a single domain.
Group Naming Schemes
We recommend you create a standard naming scheme for your groups. This standard can be anything you desire, in our examples, we use G, D, and U at the beginning of the group name to specify Global, Domain Local, and Universal groups. For example:
GMarketing – Marketing users Global group
UAdmins – Universal group for the system administrators
DPayroll – Domain Local group for payroll users
It’s great to have such an excellent tutorial posted freely on the net. I so much benefited from this win server 2003 tutorials and this reply is in appreciation for your wonderful work.
I am about to seat for my CCNA and my next target is MCSE and i have found your turials very usefull.
Please i look forward in anticipation for the posting of part 4 of the MCSE tutorial “Managing Hardware and Devices”
Thanks and God bless UUUUUUUUUU
I find this online tutorial very helpful. Where else can one get so much knowledge on Windows Server 2003. I thank the owners of this website so much. With this tutorial i know i can now prepare to take my MCSE Exams.
Thanx!
I’m intersted to this kind of course. I want to begin with MCSE. Feedback later.
Thanks for being generous with your knowledge. Most sites are now selling, even Microsoft themselves.