Nested Groups in Active Directory

Active Directory supports group nesting: you can make one group a member of another.

| Group | Members can be |
| --- | --- |
| Universal groups | User accounts, computer accounts, global groups and other universal groups |
| Global groups | User accounts, computer accounts and global groups from the same domain |
| Domain local groups | User accounts, computer accounts, domain local groups from the same domain, universal groups and global groups |

If Group B is nested within Group A, then the members of Group B inherit all permissions assigned to Group A.

Nesting groups can be very useful for delegating access through inheritance, and nesting with global groups can help control replication traffic.
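The following is an added example, not part of the original article: it checks direct memberships against the nesting rules in the table above and lists every group whose permissions a principal inherits through nesting, which is the view an access review needs. The directory data, group names and function names are constructed for illustration, and the same-domain restriction on global groups is assumed to apply to all of their member types.

```python
# Added example: constructed directory, all names hypothetical.
# Container scope -> member kinds it accepts (from the table above).
ALLOWED = {
    "universal":    {"user", "computer", "global", "universal"},
    "global":       {"user", "computer", "global"},
    "domain_local": {"user", "computer", "domain_local", "universal", "global"},
}

def same_domain_required(group_kind, member_kind):
    # Assumption: global groups accept members from their own domain only;
    # domain local groups require that only for nested domain local groups.
    return group_kind == "global" or (group_kind, member_kind) == ("domain_local", "domain_local")

def nesting_violations(objects, members):
    """Return (group, member, reason) for each direct membership the table forbids."""
    bad = []
    for group, direct in members.items():
        g_kind, g_dom = objects[group]
        for m in direct:
            m_kind, m_dom = objects[m]
            if m_kind not in ALLOWED[g_kind]:
                bad.append((group, m, "scope"))
            elif same_domain_required(g_kind, m_kind) and m_dom != g_dom:
                bad.append((group, m, "domain"))
    return bad

def effective_groups(principal, members):
    """All groups whose permissions the principal inherits, directly or through nesting."""
    parents = {}
    for group, direct in members.items():
        for m in direct:
            parents.setdefault(m, set()).add(group)
    seen, stack = set(), [principal]
    while stack:
        for g in parents.get(stack.pop(), ()):
            if g not in seen:          # the seen-set also stops circular nesting
                seen.add(g)
                stack.append(g)
    return seen

OBJECTS = {  # name -> (kind, domain)
    "alice": ("user", "corp"), "bob": ("user", "emea"),
    "GroupA": ("domain_local", "corp"), "GroupB": ("global", "corp"),
    "GroupC": ("global", "corp"), "GroupU": ("universal", "emea"),
}
MEMBERS = {  # group -> direct members
    "GroupA": ["GroupB", "GroupU"],
    "GroupB": ["GroupC", "bob"],      # bob is in another domain: violation
    "GroupC": ["alice"],
    "GroupU": ["GroupA"],             # universal cannot hold a domain local group
}
```

Here alice is a direct member of GroupC only, yet she inherits the permissions of every group above it in the nesting chain.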
