Universal groups are best used to consolidate global groups into one location. Since user accounts are added to the global groups, membership changes in the global groups do not have an effect on the universal group. Consider the example shown in Figure 4.54 where you have three domains. User accounts are added to their respective global groups. The three global groups are added to one universal group. The universal group can be used anywhere within the enterprise and changes that might be made to the global groups do not cause replication to occur for the universal group - this provides a bandwidth (and cost) savings. This is the AGU portion of AGUDLP. User Accounts (A) go into Global groups (G) and Global Groups go into Universal groups (U).


Membership in universal groups should not change often, because changes to universal groups are replicated to every Global Catalog server in the forest, a potentially bandwidth-intensive operation.

Figure 4.54 Organizing Users Into Groups

  • falco sackville-baggins
    What is uviversal in window server 2003?
    9 years ago

