Group Scope - Domain Local, Global and Universal Group Scopes

The scope of a group determines where in the Active Directory network the group can be used to assign permissions. There are three group scopes: domain local, global, and universal. The differences between them are listed below.

| Group Scope | Group can include as members | Group can be assigned permissions in |
|---|---|---|
| Domain Local | User accounts from any domain; global groups from any domain; universal groups from any domain; domain local groups, but only from the same domain as the parent domain local group | Member permissions can be assigned only within the same domain as the parent domain local group |
| Global | User accounts from the same domain as the parent global group; global groups from the same domain as the parent global group | Member permissions can be assigned in any domain |
| Universal | User accounts from any domain within the forest in which this universal group resides; global groups from any domain within the forest in which this universal group resides; universal groups from any domain within the forest in which this universal group resides | Any domain in the forest |
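
The membership and permission rules in the table above, written as a checker for a planned group nesting design. This is an added example, not part of the original tutorial; the `Principal` type, the function names and the `example.test` domains are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Principal:
    name: str
    kind: str      # "user", "domain_local", "global" or "universal"
    domain: str    # domain the account or group lives in
    forest: str    # forest that domain belongs to

# Location tests comparing a prospective member (m) with its parent group (p)
SAME_DOMAIN = lambda m, p: m.domain == p.domain
SAME_FOREST = lambda m, p: m.forest == p.forest
ANYWHERE = lambda m, p: True

# parent scope -> {member kind: location test}, transcribed from the table above
MEMBER_RULES = {
    "domain_local": {"user": ANYWHERE, "global": ANYWHERE,
                     "universal": ANYWHERE, "domain_local": SAME_DOMAIN},
    "global":       {"user": SAME_DOMAIN, "global": SAME_DOMAIN},
    "universal":    {"user": SAME_FOREST, "global": SAME_FOREST,
                     "universal": SAME_FOREST},
}

def can_be_member(member, parent):
    """True if the table allows `member` inside the group `parent`."""
    test = MEMBER_RULES.get(parent.kind, {}).get(member.kind)
    return bool(test and test(member, parent))

def can_assign_permissions(group, resource_domain, resource_forest):
    """True if `group` can be given permissions on a resource in that domain."""
    if group.kind == "domain_local":
        return group.domain == resource_domain
    if group.kind == "universal":
        return group.forest == resource_forest
    return group.kind == "global"   # global: any domain

def review_plan(plan):
    """Return the (member, parent) name pairs the table rejects."""
    return [(m.name, p.name) for m, p in plan if not can_be_member(m, p)]

# Constructed sample design: two domains in one forest (all names are made up)
alice = Principal("alice", "user", "emea.example.test", "example.test")
g_sales = Principal("G-Sales", "global", "emea.example.test", "example.test")
g_ops = Principal("G-Ops", "global", "apac.example.test", "example.test")
u_sales = Principal("U-Sales", "universal", "emea.example.test", "example.test")
dl_share = Principal("DL-Share-RW", "domain_local", "apac.example.test", "example.test")
PLAN = [(alice, g_sales), (g_sales, u_sales), (u_sales, dl_share),
        (g_ops, g_sales), (dl_share, u_sales)]
print(review_plan(PLAN))
```

The first three entries in `PLAN` form a user, global, universal, domain local chain that the table allows; the last two are rejected because a global group cannot hold a global group from another domain and a universal group cannot hold a domain local group.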
