RIORDAN MANUFACTURING

Riordan Manufacturing



Riordan Manufacturing

The purpose of this paper is to discuss the nesting techniques used to classify users into groups using the scopes that are available in Windows Server for Riordan manufacturing. Nesting is when you add a group as a member to another group. This allows member accounts to be consolidated and reduces network traffic by preventing replication. User rights are inherited when you nest a group in another group. For example, if you make Group_A a part of Group_B then Group_A has all of the same permissions as Group_B. When you investigate groups within Active Directory, you will see that you have many to choose from. The type and scope of group that you choose to create will depend on how that group can be used and where it can be used within the enterprise. Knowing how the Active Directory groups are designed by Microsoft will help you develop a solid group strategy for assigning permissions. In addition to knowing how to design your groups, there are some pitfalls with user and group nesting that you want to avoid, as these pitfalls create a very insecure environment. When you jump into the Active Directory Users and Computers interface to create some groups, you will immediately see that there are many options to choose from.

There are several different types of accounts in Active Directory. User accounts are actual users of the system. Groups are users that are grouped based on function, department, need, etc. There are two categories for user accounts. They are domain user accounts and local user accounts. Local accounts are users that are on local computers and they are only able to have access to what the local computer allows. Local accounts cannot access any resource that is out of their particular domain. Domain user accounts can access any resource that is on their local system, as well as any group that the account is a member of. Understanding the specifics of these groups will help you design and determine which options to pick for the group that you are creating. For each group, you need to know what objects it can contain, as well as the overall purpose of the group. For the group scope, you are determining where the group should be used within the Active Directory enterprise. Your group selection here determines a lot about how you want to use the group within the overall assignment of permissions. Before we discuss each group specifically, the overall picture of group and user nesting is designed to be as follows:

Users go into Global Groups, Global Groups go into Domain Local Groups, and Domain Local Groups are listed on the Access Control List (ACL) of the resource.

Users go into Global Groups, Global Groups go into Universal Groups, Universal Groups go into Domain Local Groups, and Domain Local Groups are listed on the Access Control List (ACL) of the resource.

Domain Local Group - This group scope is designed to contain Global Groups and Universal Groups, even ...