As a best practice, assign resource access to security groups—instead of to individual users—to simplify administration and troubleshooting. Resources can include the following:

For efficiency, create global groups for users based on criteria such as job function or department. Create domain local groups, and then place global groups into domain local groups. Assign permissions to the domain local groups as required for your environment. This practice simplifies troubleshooting. It also simplifies management of changes when they occur, for example, when users change job functions.

Using security groups

The following table provides a reference for more information about using security groups.

  Step Reference
Check box

Review best practice information about assigning permissions on Active Directory objects.

Best Practices for Assigning Permissions on Active Directory Objects (