1
00:00:06,430 --> 00:00:17,440
Windows Server 2016 and later versions such as Windows Server 2019 supports group scope and the scope

2
00:00:17,440 --> 00:00:26,400
of a group determines both the range of groups abilities or permissions and the group membership.

3
00:00:26,410 --> 00:00:34,410
There are four groups schools local domain local global and universal.

4
00:00:34,510 --> 00:00:44,140
Let's discuss each of these scopes local you use this type of group for standalone servers and workstations

5
00:00:44,410 --> 00:00:53,410
on demand member servers that are not domain controllers or On Demand member workstations local groups

6
00:00:53,410 --> 00:01:01,930
are truly local which means that they are available only on the computer where they exist.

7
00:01:01,990 --> 00:01:10,390
The important characteristics of a local group are you can assign abilities and permissions on local

8
00:01:10,390 --> 00:01:11,350
resources.

9
00:01:11,440 --> 00:01:21,460
Only men in on the local computer members can be from anywhere in the 80 days forest and can include

10
00:01:21,820 --> 00:01:31,480
any security principals from the domain such as users computers or global groups or domain local groups.

11
00:01:31,480 --> 00:01:40,830
Members can also include users computer of sound global groups from any domain in the forest or users

12
00:01:40,840 --> 00:01:49,550
computers and global groups from any trusted domain and members can be also universal groups defined

13
00:01:49,570 --> 00:01:51,700
in any domain in the forest.

14
00:01:51,730 --> 00:01:54,290
The next scope is domain local.

15
00:01:54,360 --> 00:02:03,730
You use this type of group primarily to manage access to resources or to assign management responsibilities

16
00:02:04,060 --> 00:02:12,520
or rights domain local groups existing domain controllers and the ADA the US Forest and consequently

17
00:02:12,790 --> 00:02:18,270
the group scope is local to the domain in which they reside.

18
00:02:18,280 --> 00:02:25,750
The important characteristics of domain local groups are that you can assign abilities and permissions

19
00:02:25,750 --> 00:02:32,790
on domain local resources only which means on no computers in the local domain.

20
00:02:32,920 --> 00:02:41,650
Members can be from anywhere in the 80 days forest and can include any security principles from their

21
00:02:41,650 --> 00:02:42,490
domain.

22
00:02:42,610 --> 00:02:47,730
Users computers global groups or domain local groups.

23
00:02:47,770 --> 00:02:56,230
These could be users computers and global groups from any domain in the forest or any trusted domain.

24
00:02:56,230 --> 00:03:02,560
This also can be universal groups defined in any domain in the forest.

25
00:03:02,590 --> 00:03:04,890
The next scope is global.

26
00:03:04,960 --> 00:03:12,460
You can use this type of group primarily to consolidate users who have similar characteristics.

27
00:03:12,460 --> 00:03:20,800
For example you might use global groups to consolidate to users who are part of a department or geographic

28
00:03:20,800 --> 00:03:21,790
location.

29
00:03:21,790 --> 00:03:28,870
The important characteristics of the global groups are that you can assign abilities and permissions

30
00:03:29,170 --> 00:03:38,070
anywhere in the forest and members can be from the local domain only and can include users computers

31
00:03:38,070 --> 00:03:41,470
and global groups from the local domain.

32
00:03:41,800 --> 00:03:51,010
And finally universal scope you can use this type of group most often in Malta domain networks because

33
00:03:51,010 --> 00:03:58,060
it combines the characteristics of both domain local group and Global Group.

34
00:03:58,060 --> 00:04:05,830
Specifically the important characteristics of universal groups are that you can assign abilities and

35
00:04:05,830 --> 00:04:14,620
permissions anywhere in the forest as with global groups and the members can be from anywhere in the

36
00:04:14,970 --> 00:04:23,470
80 days forest and can include user's computer or sound global groups from any domain in the forest.

37
00:04:23,470 --> 00:04:32,080
Members can also be universal groups defined in any domain in the forest Roberta's of universal groups

38
00:04:32,080 --> 00:04:41,260
propagate to their global catalog and are a whaler all across the enterprise network on all domain controllers

39
00:04:41,590 --> 00:04:45,730
that host the global Catskill cattle local role.

40
00:04:45,730 --> 00:04:54,210
This makes universal groups membership lists more accessible which is useful in Malta demands scenarios.

41
00:04:54,220 --> 00:05:02,650
For example if you use a universal group for email distribution purposes you can determine the membership

42
00:05:02,650 --> 00:05:04,580
list more quickly.

43
00:05:04,600 --> 00:05:08,140
In just attributed Mall to demand networks.

44
00:05:08,150 --> 00:05:08,470
No.

45
00:05:08,480 --> 00:05:17,060
Let's summarize the basic properties of the four groups scopes the first group scope is local.

46
00:05:17,060 --> 00:05:26,180
It can include members from domain users domain computers globally groups and universal groups from

47
00:05:26,300 --> 00:05:28,100
any domain in the forest.

48
00:05:28,100 --> 00:05:36,140
It can also include members from domain local groups from the same domain as for assigned permissions

49
00:05:36,470 --> 00:05:44,100
you can assign permissions to local computer resources only within local group scope.

50
00:05:44,390 --> 00:05:48,570
As for can it be converted to any other groups.

51
00:05:48,590 --> 00:05:50,780
In this case it's not applicable.

52
00:05:50,840 --> 00:05:54,670
The next group is domain local within this group scope.

53
00:05:54,670 --> 00:06:05,060
You can include members from domain users domain computers global groups and universal groups from any

54
00:06:05,060 --> 00:06:06,700
domain in the forest.

55
00:06:06,710 --> 00:06:14,120
You can also include domain local groups from the same domain as for permissions they can be assigned

56
00:06:14,120 --> 00:06:17,090
to local domain resources.

57
00:06:17,120 --> 00:06:26,900
Only the domain local school can be converted to universal groups if no other domain local group exists

58
00:06:27,170 --> 00:06:28,230
as member.

59
00:06:28,310 --> 00:06:30,010
Next one is global.

60
00:06:30,050 --> 00:06:38,090
It can include members from domain users domain computer ascend global groups from the same domain can

61
00:06:38,090 --> 00:06:46,100
be assigned permissions to any domain resource in the forest and can be converted to universal groups

62
00:06:46,430 --> 00:06:49,940
if it is not a member of any other global groups.

63
00:06:50,000 --> 00:06:52,440
And finally universal school.

64
00:06:52,550 --> 00:07:01,340
It can include members from domain users domain computers global group sound universal groups from any

65
00:07:01,340 --> 00:07:03,050
domain in the forest.

66
00:07:03,170 --> 00:07:10,640
It can be assigned permissions to I need a main resource in the forest and can be converted to domain

67
00:07:10,640 --> 00:07:13,310
local groups and global groups.

68
00:07:13,310 --> 00:07:17,090
If no other universal groups exist as members.