Nesting groups is an efficient way of delegating the management of group membership. In native mode, you can create a Universal group and delegate the control over membership to an enterprise or senior administrator whose job it is to manage the membership of the Global groups. Global group administrators are responsible for managing the membership of the Global groups, granting membership to users or Local groups.

Nesting is useful in enterprises that are dispersed across geographical boundaries or that have built multiple domains. At MCITY, we have created a Universal group called GENESIS DCP that contains the senior users from GENESIS.MCITY.US\DCP. In the example shown in Figure 13-11, the Universal group DCP.GENESIS.MCITY.US has been nested into the CITYHALL Local DCP group.

Figure 13-11: Nesting in action: The Local group DCP contains the Universal group GENESIS DCP from the domain.

Domains must be in native mode to nest security groups. The Universal group is not available in mixed mode. See the section "Mixed Mode versus Native Modes," later in this chapter.
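
The following added example, which is not from the original text, models the Figure 13-11 nesting over a constructed in-memory directory. It resolves who effectively belongs to the CITYHALL Local group DCP, with the chain of groups that grants each membership, and checks every nesting against the native-mode scope rules. The Global group DCP Seniors, the user names, and the scope table (the standard Windows 2000 native-mode rules, not stated on this page) are assumptions added here; the code does not query a live directory.

```python
from collections import deque

# Constructed directory: group -> (scope, direct members). Group names follow
# the page's MCITY example; "DCP Seniors" and all user names are invented.
GROUPS = {
    r"CITYHALL\DCP": ("DomainLocal", [r"GENESIS\GENESIS DCP", r"CITYHALL\jsmith"]),
    r"GENESIS\GENESIS DCP": ("Universal", [r"GENESIS\DCP Seniors", r"GENESIS\achen"]),
    r"GENESIS\DCP Seniors": ("Global", [r"GENESIS\bpatel", r"GENESIS\achen"]),
}

# Native-mode nesting rules: container scope -> {member scope: same domain required?}
NESTING = {
    "Universal": {"Universal": False, "Global": False},
    "Global": {"Global": True},
    "DomainLocal": {"Universal": False, "Global": False, "DomainLocal": True},
}

def domain(name):
    return name.split("\\", 1)[0]

def nesting_violations(groups):
    """Return (container, member) pairs that break the native-mode scope rules."""
    bad = []
    for container, (scope, members) in groups.items():
        for m in members:
            if m not in groups:
                continue  # a user account, not a nested group
            same_domain = NESTING[scope].get(groups[m][0])
            if same_domain is None or (same_domain and domain(m) != domain(container)):
                bad.append((container, m))
    return bad

def effective_members(groups, root):
    """Map each user reachable from root to the shortest chain of groups granting it."""
    paths, seen, queue = {}, {root}, deque([(root, [root])])
    while queue:
        group, chain = queue.popleft()
        for m in groups[group][1]:
            if m not in groups:
                paths.setdefault(m, chain)  # first hit in BFS is the shortest chain
            elif m not in seen:             # skip groups already visited (cycles)
                seen.add(m)
                queue.append((m, chain + [m]))
    return paths

if __name__ == "__main__":
    for user, chain in sorted(effective_members(GROUPS, r"CITYHALL\DCP").items()):
        print(f"{user:18} via {' -> '.join(chain)}")
    print("violations:", nesting_violations(GROUPS))
```

Reviewing the chain for each user shows which memberships exist only through nesting, which is the part a direct-member listing of the Local group does not reveal.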

