Definition: Active Directory group is a collection of the user account. We create groups for simplify the things.
Create Group in Active Directory:
Creating group in active directory (server 2008) is very simple, open active directory users and groups from administrative tasks. And right click on any OU and click on new then on group. Type the group name. Click on OK and group will appear in that OU.
How to add user in group:
Double click on group, go to member tab and add users by clicking add button. Type the user name in text field and click on add button. You can take the help by check name button by typing the half name instead of typing the full name. Also you can click on locations and can add users from different domain by selecting other domains. You can use the advance button to search different users and other objects.
Similarly you can add a nested group in group by member of tab.
Share Files and Folders to Users and Groups with Different Rights in Active Directory:
Right click on folder and click on “share to specific people” from share with menu, click on add to add user and group with different rights like read only, contributor
Active Directory Group scope:
Local Group Scope:
Local Group can have users from one forest, users from different domain from one forest or forest with trust relationship can be member of domain local group.
Global Scope for Group:
Users account from same domain can be member of this type of group. Global group belongs to this domain, it changes not in itself extraterritorial copy, so the global group to allow frequent internal changes (add and delete users, etc.), can take advantage of the global group to grant permissions to access resources in any domain, but generally do not directly to rights management.
Universal security group are very flexible, it can accept universal and global group from it domain. Also universal or global group users from other domain in same forest and users from forest which have trust relation with your forest.
The main role of the universal group is used to merge across different domains of the group, Universal groups Universal groups are stored in the global compilation recorded (GC), the generic group of modifications will be copied to the global catalog, a generic set of frequently modify when the invisible increases the overhead of the network, so a universal group design excellent network must not change frequently
Active Directory Groups Types:
The group was divided into two categories: security and distribution groups in Active Directory.
The distributed group is used to send an email to all users that are added in that distributed group. The distribution group is purely used to e-mail, if you want to give the financial sector all to send a message that you choose this distribution group.
You can use also send email with security group like distributes group but the difference is that the security group is used to implement Group Policy, for access, for example, you want all of the market sectors have a specific mapping disk or can open a folder.