According to the completed Active Directory Implementation Plan, Active Directory would significantly assist company authorities in maintaining a balance between the senior and general management divisions. Such a policy is expected to help company authorities keep certain confidential information secret. Given these expectations for the Active Directory implementation, it is worth considering how nesting techniques can help meet them.
Nesting gives you the ability to add a group as a member of another group. The main aims of nesting are to consolidate member accounts and to reduce replication traffic. In other words, using groups helps the operating system enumerate permissions on an Access Control List. When you nest one group into another group, user rights are inherited. For instance, if you make Group A a member of Group B, then members of Group A will have the same permissions as those of Group B.
To implement nesting techniques at Riordan Manufacturing, it is beneficial to review the concepts of user accounts and groups in Active Directory. Later it is also worth referring to AGUDLP and AGLP, which summarize Microsoft's recommendations for incorporating role-based access control (RBAC), an approach used to restrict system access to authorized users at enterprises with a large number of employees. There are several account types in Active Directory. User accounts represent the actual users of the system. Groups represent sets of users, who are grouped according to their position, function, department, etc. User accounts are usually divided into local accounts and domain accounts. Users with local accounts can access only what the local computer allows. Domain account users have permission to access all the resources situated within the local system, as well as whatever group.
The classification of groups is originally based on the classification of user accounts. Four major types of groups exist in Active Directory: local, domain local, global and universal. Each scope is distinguished from the others by its replication, membership, availability and trust availability. Considering the peculiarities of these group types will allow us to determine their potential for use at Riordan Manufacturing.
Local groups are collections of local users that are created and defined on, and available only to, the particular computer or server on which they were created. Domain local groups, in turn, are collections of domain user accounts or groups that have permissions applicable to the local domain. They are mostly used as rule groups, which help manage permissions to resources. Global groups are most often used to define collections of objects within the domain (users, other global groups, computers) and to establish role groups for the enterprise. Where a multidomain forest exists, universal groups can be applied independently of the limitations of rule or role.
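The nesting and scope behaviour described above, as an added example that is not part of the original plan: a simplified single-domain Python model (not an Active Directory API) that enforces which scopes may nest in which and resolves who effectively reaches a resource through nested groups. The account, group and share names are constructed, and machine-local groups are omitted.

```python
# Added illustration: a simplified in-memory model, not an Active Directory API.
# Which member kinds each group scope accepts (single-domain simplification).
ALLOWED = {
    "global": {"user", "global"},
    "universal": {"user", "global", "universal"},
    "domain_local": {"user", "global", "universal", "domain_local"},
}

class Directory:
    def __init__(self):
        self.kind = {}     # name -> "user" or a group scope
        self.members = {}  # group name -> direct members
        self.acl = {}      # resource -> groups listed on its ACL

    def add(self, name, kind):
        self.kind[name] = kind
        if kind != "user":
            self.members[name] = set()

    def nest(self, member, group):
        """Make `member` a direct member of `group`, enforcing scope rules."""
        if self.kind[member] not in ALLOWED[self.kind[group]]:
            raise ValueError(f"{self.kind[member]} cannot join a {self.kind[group]} group")
        self.members[group].add(member)

    def effective_users(self, group, seen=None):
        """Users reaching `group` at any nesting depth; circular nesting is skipped."""
        seen = set() if seen is None else seen
        if group in seen:
            return set()
        seen.add(group)
        users = set()
        for m in self.members[group]:
            users |= {m} if self.kind[m] == "user" else self.effective_users(m, seen)
        return users

    def who_can_access(self, resource):
        return set().union(*(self.effective_users(g) for g in self.acl.get(resource, ())))

def build_sample():
    """Constructed data: accounts -> global role groups -> domain local groups -> ACL."""
    d = Directory()
    for name, kind in [("alice", "user"), ("bob", "user"),
                       ("GG_SeniorMgmt", "global"), ("GG_GeneralMgmt", "global"),
                       ("DL_Confidential_Read", "domain_local"), ("DL_Shared_Read", "domain_local")]:
        d.add(name, kind)
    for member, group in [("alice", "GG_SeniorMgmt"), ("bob", "GG_GeneralMgmt"),
                          ("GG_SeniorMgmt", "DL_Confidential_Read"),
                          ("GG_SeniorMgmt", "DL_Shared_Read"), ("GG_GeneralMgmt", "DL_Shared_Read")]:
        d.nest(member, group)
    d.acl = {"confidential_share": {"DL_Confidential_Read"}, "shared_share": {"DL_Shared_Read"}}
    return d
```

Calling `build_sample().who_can_access("confidential_share")` lists every account that reaches the share through any chain of nested groups, which is the question to ask when reviewing who can read confidential data.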
Usually several types of groups coexist within one Active Directory. According to the aims of the Implementation Plan provided and best practices for using nesting techniques, domain local groups, global …