Building a group structure - the "AGDLP" principle

By Ute Schwietering, (comments: 0)

When setting up the Active Directory the question arises as to how to deal with the various group scopes. Windows offers global, domain local and universal groups. This article describes the role based group organisation - which is recommended by Microsoft for an efficient permission administration - on the basis of the so-called "AGDLP" principle. This principle offers you an optimal group nesting which reduces your amount of work, increases the transparency of permissions and - when dealing with more than one domain - lessens the replication work in the network.

Read more …