February 12, 2004

Enumerating Nested Group Membership

Drill down through complex nested groups
A Web Exclusive from Windows IT Pro
Robbie Allen
Feature
InstantDoc #41500
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
View this exclusive article with VIP access -- click here to join |
See More Active Directory (AD) Articles Here | Reprints | Or sign up for our VIP Monthly Pass!

One nice benefit of Active Directory (AD) over Windows NT is that AD supports complex group nesting. Nested groups give you flexibility in designing your group structure and applying ACLs to resources. This feature becomes available as soon as you raise an AD domain to the Windows Server 2003 functional level or the Windows 2000 native domain mode.

Nested groups are powerful, but they also add complexity. Because some group members might be groups themselves, you often can't simply look at the members of a group and determine which users will be affected by granting the group access to a resource. The Microsoft Management Console (MMC) Active Directory Users and Computers snap-in doesn't provide much help because it displays only the users that are direct members of a group. You have to double-click each member group to view its membership individually. But a simple script can take the legwork out of drilling down through nested-group membership.

Group Attributes
To illustrate group nesting, consider a group structure that mimics the hierarchy of a university's Computer Science department. Each class in the department is a group consisting of the students who have signed up for the class. Together, all the departmental class groups make up the Computer Science department group. Finally, the Computer Science department group is a member of the Engineering school group. This nested group structure provides the flexibility to grant access to resources to as broad an audience as everyone in the Engineering school or to as limited an audience as only the students in a particular Computer Science class. . . .

Top Viewed ArticlesView all articles
10 Reasons to Deploy Windows Vista

The decision to upgrade your XP systems to Vista is simple when you consider features such as easier backup, a great desktop search, and vastly improved security options. ...

10 Reasons Not to Deploy Windows Vista

The decision to upgrade to Vista has to make business sense, but many companies find the costs in training and application compatibility problems outweigh any benefits Vista brings. ...

WinInfo Short Takes: CES 2009 Special Edition

An often irreverent look at some of the week's other CES 2009 news, including covering the Vegas spectacle from the comfort of my own home, Windows 7 public beta, a weird Microsoft song application, Palm Pre, pending Microsoft mobile moves, and much more ...
Active Directory (AD) Whitepapers Sustainable Compliance: How to reconnect compliance, security and business goals

Managing Unix/Linux with Microsoft System Center Operations Manager 2007 Cross Platform Extensions Beta

Addressing the Insider Threat with NetIQ Security and Administration Solutions
Related Events Concrete Ways to Make Sure Your SharePoint Deployment Doesn't Blow Up

Introduction to Identity Lifecycle Manager "2"

PCI Requirements for Windows and Active Directory: Straight from a Certified Auditor

Check out our list of Free Email Newsletters!
Active Directory (AD) eBooks Keeping Your Business Safe from Attack: Monitoring and Managing Your Network Security

Keeping Your Business Safe from Attack: Encryption and Certificate Services

Windows 2003: Active Directory Administration Essentials
Related Active Directory (AD) Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.



ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Download Data Protection Manager 2007
Disaster recovery at a low cost

Maximize speed, performance and reliablity of your PCs and servers—automatically!
Speed Up Your PC! Try Diskeeper 2008 with InvisiTasking Free Now!

Microsoft Learning Snack - Green IT Through Virtualization
Many organizations face rising operating costs caused by excessive energy consumption. Virtualization and "Green IT" can help cut these costs. Get the information you need to bring Green IT savings to your business.

Order Your Fundamentals CD Today!
Register today for your in-depth copy of one of three Fundamental CDs on the following topics – Exchange, SQL, and SharePoint.

Microsoft Learning Snack - Virtualization With Windows Server 2008
Windows Server 2008 includes virtualization technology that allows many operating systems - including open source - to run on a single host. Come learn the basics of implementing these features.

Microsoft Learning Snack - Virtualization Basics
With virtualization, computing components essentially become on-demand services, freeing each element of a system from the others. This short video explains the needs, benefits, and technologies behind virtualization.


Microsoft Learning Snack - Virtualization Basics
With virtualization, computing components essentially become on-demand services, freeing each element of a system from the others. This short video explains the needs, benefits, and technologies behind virtualization.

Microsoft Learning Snack - Virtualization With Windows Server 2008
Windows Server 2008 includes virtualization technology that allows many operating systems - including open source - to run on a single host. Come learn the basics of implementing these features.

Empower Your Processes with PowerShell 201
Paul Robichaux delves deep into PowerShell how-tos in 3 informative lessons, each followed by live Q&A—all on your own computer! Register today!

Microsoft Learning Snack - Green IT Through Virtualization
Many organizations face rising operating costs caused by excessive energy consumption. Virtualization and "Green IT" can help cut these costs. Get the information you need to bring Green IT savings to your business.

New Release: Windows IT Pro Master CD
13 years of content archives, fast answers with advanced search tools, and full access to WindowsITPro.com—order today!
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro ITTV
IT Library Technology Resource Directory Connected Home Windows SuperSite
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2009 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing