Active Directory Nested Groups: Overview group nesting
After looking for the Microsoft KB article on Active Directory Group Nesting for the umpteenth time today, because I wasn’t sure on a particular issue, I decided to create a table as an overview.
What group can be member of what group in the same domain or forest?
Here are all possible group nesting memberships in one table:
Overview: Group nesting in Active Directory
Read the table as follows:
“user or computer” – can be member in -> “same domain” -> “global group”
“domain local group” – can NOT be member in -“same domain” -> “global group”
(click here for the JPG version)
| Group memberships in Active Directory in native mode |
user or computer |
global group |
universal group |
domain local group |
|
| same domain | |||||
| global group | X | X | |||
| universal group | X | X | X | ||
| domain local group | X | X | X | X | |
| local group of a domain member | X | X | X | X | |
| in a trusted domain of the same forest | |||||
| global group | |||||
| universal group | X | X | X | ||
| domain local group | X | X | X | ||
| local group of a domain member | X | X | X | ||
| in a trusted domain of another forest | |||||
| global group | |||||
| universal group | |||||
| domain local group | X | X | X | ||
| local group of a domain member | X | X | X | ||
Group nesting memberships table (jpg version)
I also prepared the table “overview group nesting” as a graphic for you:
click on the image to enlarge it
I hope this table will help you !
Do you want to manage active directory nested groups easier? Check our DynamicGroup Software.
FirstAttribute AG – Microsoft Consulting Partner for Migration and Active Directory
Leave a Reply
<p>Your email is safe with us.<br/>Information about our <a href="https://activedirectoryfaq.com/contact-us/">data protection policies</a></p>