Announcement

Collapse
No announcement yet.

AD primary Group

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • AD primary Group

    Why do we need Primary Group in active directory? When a computer/user is created it will get added to group and that's get set as primary...I don't understand the need behind maintaining the primary group. Can any one help me understanding that?

  • #2
    Re: AD primary Group

    I know how primary group membership will be calculated considering the max no. of objects limit in active directory. But I want to understand why do we need primary group at first place. A new active directory object will not be able to live without any group membership?

    Comment


    • #3
      Re: AD primary Group

      Originally posted by charlsteve View Post
      I know how primary group membership will be calculated considering the max no. of objects limit in active directory. But I want to understand why do we need primary group at first place. A new active directory object will not be able to live without any group membership?
      .......because Microsoft Windows 2000 has a group membership limitation of 5000 users. This behavior is due to a limitation in the size of the attribute that is being replicated. The primary group allows one group per user to hold more than 5000 users. By default, every user is a member of the Domain Users group.

      The Microsoft Windows Server 2003 Forest mode removes this group membership limitation. However, the primary group is still used in the same way.
      http://support.microsoft.com/kb/275523
      Caesar's cipher - 3

      ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

      SFX JNRS FC U6 MNGR

      Comment


      • #4
        Re: AD primary Group

        I think I need to put my question in more clear way....

        "Why a active directory object needs to added to a default security group after creation"? Are there any permissions issued to new objects through this default security group?

        Comment


        • #5
          Re: AD primary Group

          I think you are right to rephrase it as it is a totally different query...

          The Domain users group has not got any users rights by default but it is a member of the
          local Users group of any domain member. This is an example of a windows 2003 group:
          Members of this group can perform common tasks, such as running applications, using local and network printers, and locking the server. Users cannot share directories or create local printers. By default, the Domain Users, Authenticated Users, and Interactive groups are members of this group. Therefore, any user account created in the domain becomes a member of this group.

          With the following default user rights:

          Access this computer from the network; Allow log on locally; Bypass traverse checking.

          http://technet.microsoft.com/en-us/l...98(WS.10).aspx
          Caesar's cipher - 3

          ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

          SFX JNRS FC U6 MNGR

          Comment

          Working...
          X