Share via


Active Directory User Group Scope & Membership

Domain Local User Groups

In this example we have two forest ABC.local and xyz.local and those are trusted each together and pqr.local domain inside the abc.local domain.There is a Domain Local user group called HR Users.

To the Domain Local user group we can add users,computers,Any Global user group,Universal user group and Domain Local user groups from the same domain.

To the Domain Local user group we can add users,computers,Universal Group and Global groups from the different domain in the same forest

Global User Group

In this example we have two forest ABC.local and xyz.local and those are trusted each together and pqr.local domain inside the **abc.local **domain.There is a Global user group called HR Users.

To the Global user group we can add users,computers and only Global user group from the same domain.

To the Global Local user group we cannot add anything from the different domain or different forest.

Universal User Group

In this example we have two forest ABC.local and xyz.local and those are trusted each together and pqr.local domain inside the **abc.local **domain.There is a Universal user group called HR Users.

To the Global user group we can add Users,Computers,Global Groups,Universal Groups from the same domain.

To the Global user group we can add Users,Computers,Global Groups,Universal Groups from the different Domains in the same Forest

To the Global Local user group we cannot add anything from the different ] different forest due to global catalog server requirement.