Chapter 4. Managing groups
AD groups provide a way to make your day-to-day work more efficient. You allocate permissions to a group, and all of the users in the group get those permissions. You do the task once for the group instead of individually for the tens or hundreds of users in the group. This chapter shows how to manage groups in your Active Directory so that you can get these efficiency benefits. You’ll discover how to create and delete groups, as well as how to manage a group’s membership.
AD groups
AD groups are objects that act as containers for users, computers, and other groups. Groups are used to make the management of users easier, especially when it comes to granting permissions to access resources. There are a number of different types of groups, as you’ll discover in the next section. For now, just remember that you should apply permissions to groups, not users.
There are two categories of groups: security and distribution. A group in either category can have one of three scopes: Domain Local, Global, or Universal. The categories and scopes will be explained in this chapter, with suggested best practices for using the different types of groups in your environment.