Caution!!!

The sole purpose of this blog is to provide adequate references for Bachelor of Science in Computer Science and Information Technology (B.Sc.CSIT) students of Tribhuvan University of Nepal, and the posts are published according to the topics of the syllabus.

Misuse of the contents on this blog is strictly prohibited.

Thursday, March 8, 2012

Creating a Group Object


Groups are an important class of object because they are used to collect users, computers, and
other groups to create a single point of management. The most straightforward and common
use of a group is to grant permissions to a shared folder. If a group has been given read access
to a folder, for example, then any of the group’s members will be able to read the folder. You
do not have to grant read access directly to each individual member; you can manage access to
the folder simply by adding and removing members of the group.
To create a group:
1. Open the Active Directory Users And Computers snap-in.
2. In the console tree, expand the node that represents your domain (for instance,
contoso.com) and navigate to the OU or container (such as Users) in which you want to
create the group.
3. Right-click the OU or container, choose New, and then select Group.
The New Object – Group dialog box appears, as shown in Figure 2-6.
4. Type the name of the new group in the Group Name box.
Most organizations have naming conventions that specify how group names should be
created. Be sure to follow the guidelines of your organization.
By default, the name you type is also entered as the pre-Windows 2000 name of the new
group. It is highly recommended that you keep the two names the same.
5. Do not change the name in the Group Name (Pre-Windows 2000) box.
6. Choose the Group type.
   - A Security group can be given permissions to resources. It can also be configured
     as an e-mail distribution list.
   - A Distribution group is an e-mail–enabled group that cannot be given permissions
     to resources and is, therefore, used only when a group is an e-mail distribution list
     that has no possible requirement for access to resources.
Figure 2-6 The New Object – Group dialog box
7. Select the Group Scope.
   - A Global group is used to identify users based on criteria such as job function,
     location, and so on.
   - A Domain local group is used to collect users and groups who share similar
     resource access needs, such as all users who need to be able to modify a project
     report.
   - A Universal group is used to collect users and groups from multiple domains.
Group scope will be discussed in more detail in Chapter 4, “Groups.”
Note that if the domain in which you are creating the group object is at a mixed or
interim domain functional level, you can select only Domain Local or Global scopes for
security groups. Domain functional levels will be discussed in Chapter 13, “Domains
and Forests.”
8. Click OK.
Group objects have a number of properties that are useful to configure. These can be
specified after the object has been created.
9. Right-click the group and choose Properties.
10. Enter the properties for the group.
Be sure to follow the naming conventions and other standards of your organization.
The group’s Members and Member Of tabs specify who belongs to the group and what
groups the group itself belongs to. Group membership will be discussed in Chapter 4.
The group’s Description field, because it is easily visible in the details pane of the Active
Directory Users And Computers snap-in, is a good place to summarize the purpose of
the group and the contact information for the individual(s) responsible for deciding
who is and is not a member of the group.
The group’s Notes field can be used to provide more detail about the group.
The Managed By tab can be used to link to the user or group that is responsible for the
group. Click the Change button underneath the Name box. To search for a group, you
must first click the Object Types button and select Groups. The Select User, Contact, Or
Group dialog box will be discussed later in this lesson.
The remaining contact information on the Managed By tab is populated from the account
specified in the Name box. The Managed By tab is typically used for contact information
so that if a user wants to join the group, you can decide who in the business should be
contacted to authorize the new member. However, if you select the Manager Can Update
Membership List option, the account specified in the Name box will be given permission
to add and remove members of the group. This is one method to delegate administrative
control over the group. Other delegation options are discussed in Lesson 3.
11. Click OK.
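
The procedure above, scripted with the ActiveDirectory PowerShell module and followed by a check for groups whose Managed By account has been given permission to change membership. This is an added example, not taken from the book or the blog; the OU, group name, owner account and the function name Get-GroupManagerDelegation are hypothetical, and it assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Added example; assumes the ActiveDirectory module and a session in the domain.
Import-Module ActiveDirectory

# Hypothetical values: replace with your own OU, group name and owner account.
$ou    = 'OU=Groups,DC=contoso,DC=com'
$name  = 'ACL_ProjectReport_Modify'
$owner = 'jsmith'

# Steps 4-10: one name for both name fields, Security type, Domain local scope.
# -ManagedBy only fills the Managed By link; it does not grant the membership permission.
New-ADGroup -Name $name -SamAccountName $name `
    -GroupCategory Security -GroupScope DomainLocal -Path $ou `
    -Description 'Modify access to project report; membership approved by jsmith' `
    -ManagedBy $owner -OtherAttributes @{ info = 'Notes field: request process and review date.' }

$memberGuid = [guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'   # schemaIDGUID of the member attribute

# Report each group's type, scope, manager, and whether the manager may write the member attribute
# (the effect of the Manager Can Update Membership List option).
function Get-GroupManagerDelegation {
    param([Parameter(Mandatory)][string]$SearchBase)
    Get-ADGroup -SearchBase $SearchBase -Filter * -Properties ManagedBy, Description |
    ForEach-Object {
        $group = $_; $canWrite = $false
        if ($group.ManagedBy) {
            $mgrSid = (Get-ADObject $group.ManagedBy -Properties objectSid).objectSid.Value
            $acl    = Get-Acl -Path ("AD:\" + $group.DistinguishedName)
            $canWrite = [bool]($acl.Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty) -and
                $_.ObjectType -eq $memberGuid -and
                $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -eq $mgrSid
            })
        }
        [pscustomobject]@{
            Name             = $group.Name
            Category         = $group.GroupCategory
            Scope            = $group.GroupScope
            HasDescription   = [bool]$group.Description
            ManagedBy        = $group.ManagedBy
            ManagerCanUpdate = $canWrite
        }
    }
}

Get-GroupManagerDelegation -SearchBase $ou | Format-Table -AutoSize
```

Rows with ManagerCanUpdate set to True are the groups where membership control has been delegated, so they are the ones to include in a periodic access review.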


Reference: Configuring Windows Server 2008 Active Directory
Dan Holme, Danielle Ruest, Nelson Ruest, Tony Northrup
