Group |
Description |
---|---|
Domain local |
Used to grant permissions within only the local domain. May contain user accounts and global groups from any trusted domain. Permissions granted are valid only within the local domain, regardless of where the account or group originated. |
Global |
Used to grant permissions across the entire forest. May contain only global groups and user accounts. Replicates only the group name between domains, not the group membership list, so replication traffic is less than with universal groups. |
Universal |
Used to grant permissions across the entire forest. Usually contains other groups, rather than individual user accounts. Can contain any type of group. Must replicate to all domains in the forest, so frequent changes to group membership can generate significant network traffic. |