IT Questions and Answers :)

Wednesday, May 15, 2019

There are two types of groups recognized by Active Directory: Security and _________

There are two types of groups recognized by Active Directory: Security and _________

  • Peer
  • Domain
  • Global
  • Distribution 

There are two types of groups recognized by Active Directory: Security and _________


Group Types

Two types of groups can be created in Active Directory. Each group type is used for a different purpose. A security group is one that is created for security purposes, while a distribution group is one created for purposes other than security purposes. Security groups are typically created to assign permissions, while distribution groups are usually created to distribute bulk e-mail to users. As one may notice, the main difference between the two groups is the manner in which each group type is used. Active Directory allows users to convert a security group into a distribution group and to convert a distribution group into a security group if the domain functional level is raised to Windows 2000 Native or above.

  • Security groups: A security group is a collection of users who have the same permissions to resources and the same rights to perform certain system tasks. These are the groups to which permissions are assigned so that its members can access resources. Security groups therefore remove the need for an Administrator to individually assign permissions to users. Users that need to perform certain tasks can be grouped in a security group then assigned the necessary permissions to perform these tasks. Each user that is a member of the group has the same permissions. In addition to this, each group member receives any e-mail sent to a security group. When a security group is first created, it receives an SID. It is this SID that enables permissions to be assigned to security groups – the SID can be included in a resource’s DACL. An access token is created when a user logs on to the system. The access token contains the user’s SID and the SID of those groups to which the user is a member of. This access token is referenced when the user attempts to access a resource. The access token is compared with the resource’s DACL to determine which permissions the user should receive for the resource.
  • Distribution groups: Distribution groups are created to share information with a group of users through e-mail messages. Thus, a distribution group is not created for security purposes. A distribution does not obtain an SID when it is created. Distribution groups enable the same message to be simultaneously sent to its group members. Messages do not need to be individually sent to each user. Applications such as Microsoft Exchange that work with Active Directory can use distribution groups to send bulk e-mail to groups of users.


Post a Comment

Popular Posts