Active Directory groups and their memberships – some basic terminology.

  1. What is a  group? A group is a collection of different Active Directory objects such as user accounts, computer accounts, and groups.
  2. Active Directory groups are basically categorized into two types: Security groups and Distribution Lists/Groups (DL). A security group can be used to grant permissions to various resources in a network such as granting permissions to shares, New Technology File System (NTFS) permissions, printer permissions, and many more similar activities.
  3. Distributions LIsts (DL) are e-mail-enabled groups, Security groups can be mail-enabled and used as a DL and vice versa.
  4. Both of these groups are further characterized by a scope that identifies the extent to which the group is applied in a domain tree or forest. This means that the scope of a group determines whether it can have members from the same domain, different domains, or different forests.
  5. There are three types of scope available in Active Directory that apply to both of these groups. They are universal, global, and domain local.

Next Steps?


Need an experienced AWS/GCP/Azure Professional to help out with your Public Cloud Identity Migration? Set up a time with Anuj Varma.