NIST's guidance for a Zero Trust Architecture

Active Directory Objects

Nested Groups in Active Directory

You can make one group a member of another by using nesting of groups in Active Directory.

GroupMembers can be
Universal groupsUser accounts, computer accounts, global groups and other universal groups
Global groupsUser accounts, computer accounts and global groups from the same domain
Domain local groupsUser accounts, computer accounts, domain local groups from the same domain, universal groups and global groups

Say Group B is nested within Group A then members of B inherit all permissions assigned on group A.

Nesting groups can be very useful in delegating access through inheritance and nesting using global groups can help in controlling replication traffic.

Related posts
Active Directory Objects

Active Directory User properties – General tab

Active Directory Objects

AD computer object security tab

Active Directory Objects

Active Directory Computer Delegation tab

Active Directory Objects

Active Directory Computer Objects Tabs

Leave a Reply

Your email address will not be published. Required fields are marked *