Tham khảo tài liệu 'windows server 2008 inside out- p26', công nghệ thông tin, quản trị mạng phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả | Managing Groups 1217 granted. In practice you will almost always use security groups because they include distribution group functionality and are the only types of groups that have DACLs. Domain Local Groups Consider using domain local groups first when you are giving groups or users access to local domain resources. For instance if you have a domain named and you want users or groups in that local domain to access a shared folder in the local domain you could create a domain local group called SalesPersons insert in the SalesPersons group the users and global groups you want to give access to the shared folder and then assign the SalesPersons group permissions on the resource. Access policies for domain local groups are not stored in Active Directory. This means that they do not get replicated to the global catalog and thus queries performed on the global catalog will not return results from domain local groups. This is because domain local groups cannot be determined across domains. Global Groups Use global groups to give users or groups access to resources according to how they have been organized. For instance users from the Marketing or Development departments could be put in separate global groups in order to simplify administration of their need to access resources like printers and network shares. Global groups can be nested in order to grant access to any domain in the forest. Universal Groups Universal groups have very few fundamental restrictions. Universal groups can be a tempting shortcut for administrators to use because they can be used across domains in the forest. Memberships in universal groups can be drawn from any domain and permissions can be set within any domain. However using universal groups as your main method of grouping users groups and computers has a significant caveat. Universal groups are stored in the global catalog and whenever changes are made to a universal group the changed properties must be .