- Term Papers and Free Essays

Active Directory User Groups Implementation

Essay by   •  September 29, 2010  •  658 Words (3 Pages)  •  2,228 Views

Essay Preview: Active Directory User Groups Implementation

Report this essay
Page 1 of 3

Jackie Shipley

POS 427

Brian Richards, Facilitator

June 13, 2005

Active Directory User Groups Implementation

Synopsis of Proposal

Subsequent to the Active Directory (AD) implementation discussion, this proposal addresses possible user accounts and group organizations for Riordan Manufacturing. This document discusses user and group accounts available through AD, and addresses possible implementation plans for the parent domain of These plans could also be implemented in the child domains for the four Riordan facilities, though addressing the actual implementations for those sites falls beyond the scope of this document.

Users and Groups

AD recognizes several types of accounts. User accounts refer to individual system users. Groups refer to user groupings based on function, need, department, or any number of criteria set by the company and/or the system administrator.

User accounts fall into two categories: domain user accounts and local user accounts. Local user accounts define users to local computers with resource access restricted to resources associated with that local computer. Local user accounts cannot access any other resources within the domain. Domain user accounts contain information that defines users to the domain, AD stores this information, and the information is replicated to the domain controller.

User groups further set and assign permissions for security and access to domain resources. Local groups represent a collection of local users on a single server or computer, with permissions assigned only to resources associated with that single server or computer. Domain local groups represent a collection of domain user accounts or groups specific to the local domain, with permissions to access resources specific to the local domain.

Global groups also contain user accounts or groups from the local domain, but these groups' permission can define access to all domains within the AD tree. Universal groups can contain users from any domain in the AD tree, with permissions set accordingly.

Group Configuration and Nesting

Presuming Riordan follows the multiple domain design previously discussed, a good strategy for Riordan would be to incorporate domain local groups, global groups, and universal groups. Universal groups would be reserved for widely-used groups that are fairly static in nature.

In order to provide the most flexible user and group configurations, allowing for network growth and reducing the number of permission assignments, the following provides a guideline for groups and group nesting:

§ Global groups - organized based on administrative needs

§ Domain local groups - identified as common resources

§ Global groups nested into domain local groups

§ Permissions assigned to domain local groups

The AD implementation



Download as:   txt (4.7 Kb)   pdf (76 Kb)   docx (10.2 Kb)  
Continue for 2 more pages »
Only available on
Citation Generator

(2010, 09). Active Directory User Groups Implementation. Retrieved 09, 2010, from

"Active Directory User Groups Implementation" 09 2010. 2010. 09 2010 <>.

"Active Directory User Groups Implementation.", 09 2010. Web. 09 2010. <>.

"Active Directory User Groups Implementation." 09, 2010. Accessed 09, 2010.