The Administer Active Directory Groups and OUs module provides you with the instruction and server hardware to develop your hands-on skills in the defined topics. This module includes the following exercises:

  • Manage Group Nesting
  • Manage Group Membership using GPO

Lab Time: It will take approximately 1 hour to complete the exercises in this lab.

Exam Objectives

The following exam objectives are covered in this lab:

  • Configure group nesting, convert groups, including security, distribution, universal, domain local and global
  • Manage group membership using Group Policy and Windows PowerShell
  • Enumerate group membership

Exercise 1 - Manage Group Nesting

Managing access to network resources such as applications, folders and files in large organizations that span more than one Active Directory domain can be significantly simplified with group nesting. Group nesting is the process of adding security groups to other security groups.

Group nesting depends on the group scopes in a Windows AD domain, namely:

Domain local group - a group scope originating from the same domain. This group can be granted permissions and rights in the same domain. User accounts, universal groups and global groups from any trusted domain can be added as members.

Global group - a group scope that can be granted permissions and rights in another trusted domain. A global group can be added to a domain local group.

Universal group - a group for rounding up user accounts, universal groups and global groups from any trusted domain. Membership in this group scope is normally kept static, because changes to the membership of a universal group are replicated throughout an Active Directory forest that includes multiple domains.

Implementing group nesting can help reduce the number of permissions needed to access corporate assets and simplify the assignment of user rights to perform system tasks such as loading and unloading device drivers.
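The nesting described above, shown as an added PowerShell example that is not part of the lab's own material: a global group is nested into a domain local group, and direct membership is then compared with effective (nested) membership. It assumes the ActiveDirectory module (RSAT) and a lab domain; the OU path, group names and user name are hypothetical placeholders.

```powershell
# Added example. Requires the ActiveDirectory module and rights to create groups in the OU.
Import-Module ActiveDirectory

# Hypothetical lab values: replace with an OU, group names and a user from your own lab domain.
$ou        = 'OU=LabGroups,DC=example,DC=local'
$globalGrp = 'GG-Finance-Staff'       # global group: collects the user accounts
$localGrp  = 'DL-FinanceShare-Read'   # domain local group: the one granted the permission
$user      = 'lab.user1'

# Create one security group of each scope.
New-ADGroup -Name $globalGrp -SamAccountName $globalGrp -GroupScope Global `
            -GroupCategory Security -Path $ou
New-ADGroup -Name $localGrp -SamAccountName $localGrp -GroupScope DomainLocal `
            -GroupCategory Security -Path $ou

# The user goes into the global group; the global group is nested into the domain local group.
Add-ADGroupMember -Identity $globalGrp -Members $user
Add-ADGroupMember -Identity $localGrp  -Members $globalGrp

# Direct members only: lists the nested group, not the user inside it.
Get-ADGroupMember -Identity $localGrp |
    Select-Object Name, objectClass

# Effective members: -Recursive expands nested groups down to the accounts they contain.
Get-ADGroupMember -Identity $localGrp -Recursive |
    Select-Object Name, SamAccountName

# Reverse view: every group the user belongs to, directly or through nesting.
# 1.2.840.113556.1.4.1941 is the LDAP "matching rule in chain" OID, which follows nested membership.
# A DN containing LDAP filter special characters would need escaping first.
$userDn = (Get-ADUser -Identity $user).DistinguishedName
Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$userDn)" |
    Select-Object Name, GroupScope
```

Comparing the direct and recursive listings for a security-sensitive group is a quick way to spot accounts that hold access only through a nested group.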

Exercise 2 - Manage Group Membership Using GPO

You can use Group Policy Objects (GPOs) to control group memberships. The policies within the GPO govern group membership for security-sensitive groups.

