Group Management Strategy - help...

Pre-Test....

I ran into this question and I just have no idea where to turn to better understand this type of question...

The Contoso, Ltd Active Directory domain includes one Windows Server 2003 domain controller and two Windows NT 4.0 domain controllers. There are fewer than 150 users in the domain. The company does not plan to add domains in the future. Which user group management strategy is appropriate for this organization?

A G L P
A DL P
A G U DL P
A G DL P

I am lost on this one, not sure what I should be doing. I see the chart explaining that DL = Domain Local, but I really don't see what a domain local, universal and global groups are for? They seem to do the same thing.

What do you think?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

dynamik

[edit]
Ignore me on this one. Mishra nailed it.

This is still a good link though:
The groups vary based on where members can be assigned from and where the groups can be assigned resources: Groups in Server 2003?

Mishra

Accounts are placed into Global Groups, which are placed into Universal Groups, which are placed into Domain Local Groups where Permissions are assigned

They are trying to teach you that you don't need to use universal/global groups if you have a simple environment. So use A DL P

However in the real world you should set your domain up with A G DL P to make it simple if you ever need to go to a multi domain environment.

Daniel333

Thanks!

Mishra

Dunno if this makes sense to you but I sometimes memorize this as

A GULP

accounts - global - universal - local - permissions

famosbrown

I don't know...that might be one of those trick questions since it says there is a domain with Windows server 2003 and Windows NT domain controllers. This would lead me to assume that the functional level would be Windows Server 2003 Interim, so you would not be able to use Universal Groups except for Distribution Groups, so I would choose A G DL P.

rjbarlow

This topic is the one because I decided to postpone my exam.

Revenue

My instructor told it to me this way :P seemed to stick fine..

All Girls Usually DoLike Parties

accounts - groups - Universal - Domain Local - Permissions

Might help someone else,

DragonNOA1

Though I cant seem to find any documentation on it, if you have NT 4.0 domain controllers you must use A G L P b/c NT 4.0 does not have domain local groups but only local groups. You are really assigning global groups to local groups. Can anyone confirm this? This is what I was taught about NT 4.0 and a mixed mode domain.

famosbrown

DragonNOA1 wrote:

Though I cant seem to find any documentation on it, if you have NT 4.0 domain controllers you must use A G L P b/c NT 4.0 does not have domain local groups but only local groups. You are really assigning global groups to local groups. Can anyone confirm this? This is what I was taught about NT 4.0 and a mixed mode domain.

Yes...I believe you are correct. In Mixed Mode, the Domain Local Groups may just apply to the Domain Controllers and not Members Servers. I remember reading about this when I was studying in the past, but I can't recall any references or anything...or I could have just misinterpreted what I read

Pash

The technotes are fecking awesome for group management and where you might wan't to use universal groups in native mode etc. Suggest you take a look if you havent