AGUDLP.txt - Notepad


AGUDLP (an abbreviation of "account, global, universal, domain local, permission") briefly summarizes Microsoft's recommendations for implementing role-based access controls (RBAC) using nested groups in a native-mode Active Directory(AD) domain: User and computer accounts are members of global groups that represent business roles, these global groups are members of a universal group which is a member of domain local groups that describe resource permissions or user rights assignments. AGUDLP is more efficient than AGDLP in larger forests.