Home‎ > ‎CIS 195‎ > ‎

Lesson 10: Active Directory Groups and Organizational Units

Presentation slides are here

  • Configure group nesting
  • Convert groups including security, distribution, universal, domain local, and domain global
  • Manage group membership using Group Policy
  • Enumerate group membership
  • Delegate the creation and management of Active Directory objects
  • Manage default Active Directory containers
  • Create, copy, configure, and delete groups and OUs

access token: An Active Directory Domain Services (AD DS) component that identifies the user and all the user's group memberships.

Delegation of Control Wizard: A tool in the Active Directory Users and Computers console that assigns permissions based on common administrative tasks.

distribution groups: Nonsecurity-related groups created for the distribution of information to one or more persons.

domain local group: A type of group that you use to assign permissions to resources in the same domain as the group. 

global group: A type of group that you use to grant or deny permissions to any resource located in any domain in the forest.

group nesting: The process of configuring one or more groups as members of another group.

security groups: Security-related groups created for purposes of granting resource access permissions to multiple users.

universal group: A type of group used to provide access to resources located in any domain in the forest through the use of domain local groups.