MCITP 70-640: Group Strategy AGDLP

Показать описание

AGDLP is a role based strategy that is designed to provide flexible resource management using groups. This video looks at how you can effectively use AGDLP in your company to manage permissions to your resources. Since AGDLP is designed for larger networks, it is generally used in networks that have more than 500 users. AGDLP can be used in multiple domain environments but is generally used in a single domain environment.

Advantages of AGDLP
Since AGDLP is a role base strategy for applying permissions, as a user changes their role in an organization, it is easy to change the permissions associated to that user by making them members of the appropriate groups. Since the users are being put into groups at the role level, this means that the administrator does not require knowledge of how the permissions were applied to the resource. Lastly, by looking at the users in the groups, you can quickly determine who has access to which resources in your domain.

AGDLP
ADDLP stands for the following.
A for Accounts.
G for Global Group.
DL for Domain Local Group.
P for Permissions.

The basic way to use AGDLP is as follows:
Accounts go into Global Groups; Global Groups go into Domain Local Groups; Domain Local Groups are than applied to Permissions.
The advantage to using each group is as follows:

Global Groups allow users from the same domain to be members. This means that when using multiple domains, you can be assured that only users and computers and other Global Groups from that domain are members. This means you can force administration to be divided up between domains. If you do not use Global Groups you could never be sure if an administrator from a domain is only adding users from that domain.

Domain Local Groups can only be used in the domain that the group was created in. This helps with auditing. If the group could be used in other domains, you could never be sure that the group had been applied to resources outside your domain.
AGDLP can be used in a single forest, single domain environment and also a multi domain environment. It provides a framework, but the administrator is free to decide themselves how best to implement group strategy given their business environment.

References

Рекомендации по теме

Комментарии

you explained this over 9000 times better than my University lecturer. Kudos to you, good sir.

ronjeremy

OMG, I have been trying to figure this out all day, and I got it from your vid in 5 mins.

Tuxedo

Thanks, it good to hear that you like the videos. Good luck with your study.

itfreetraining

Thanks very much and thanks for watching.

itfreetraining

I really do thank you for these videos. You have a great way of explaining the topic very well. I am studying for my 640 and these videos of your really help me see what I am missing from the books. Thank you again.

mcseajm

First comment in a year! Thanks a lot for your work. Awesome channel

burzeurk

Sales and Marketing are both Global groups. You could add these directly to the printer and not worry about the domain local group, however this gives you less control. For example, if you create a domain local group for all colour printers, it is just a matter of changing the group membership for who you wanted to have access to colour printer. If you used group group directly on the resource, you would need to modify the permissions on ever printer when you wanted to change access.

itfreetraining

Thank you so much. I already learned how to implement AGDLP but had no idea why it was used. Now I do know : )

Playjens

This is the best video about this topic. I love your videos!

danielschiffers

The whole groups membership is replicated and Infrastructure Role takes care of all group membership. It is a FOREST role. All object are in global catalog BUT group membership is in Infrastructure role.

valentinchiriac

Awesome video! I'm studying for the 640 just like the person below. I really appreciate these. I think all of your videos are very well done and you don't receive enough credit. Cheers!

JasonCisco

Thank you very much, it is a splendid video and perfect explanation .

romansvitko

I had heard of this before, but you made it make sense. Thank you.

michael

We are working on the Group Policy videos at the moment. It should be out soon.

itfreetraining

Thank you sir.
These are all videos very helpful for me.. thanks a lot...

sudheerk

AGDLP (an abbreviation of "account, global, domain local, permission")... In case you're wandering. Thank me later. ;)

BijouBakson

sir, just a question:
as an administrator in a domaine called "a.domaine.com", should i have an admin account in "b.domaine.com" in order to add a user from that domaine ? thanks for answering

lotfiboutaoua

Sir IS this AGDLP means of Accounts, Global group, Domain Local group, Premmision. .

BugsbunnyEh

It's cabbage. Local domain and Global Groups do exactly the same. Really ? Then why such 2 categories of groups exist ?!?!??

valentinchiriac

MCITP 70-640: Group Strategy AGDLP

MCITP 70-640: Group Strategy AGDLP

MCITP 70-640: AGUDLP Group Strategy

MCITP 70 640 AGUDLP Group Strategy

AGDLP and AGUDLP

MCITP 70-640: Active Directory Groups

MCITP 70-640: Group Policy Optimization

AGDLP Process in Windows Server

MCITP 70-640: Local Group Management with Preferences

Visualizing Groups in Microsoft Active Directory

MCITP 70-640: Installing Group Policy Tools

AGDLP

MCITP 70-640: Windows Contacts

MCITP 70-640: Domain Groups

MCITP 70-640: Default Local Groups

05 AGDLP

MCITP 70-640: Installing Active Directory

MCITP 70-640: Active Directory different group types available

MCITP 70-640: Upgrading Active Directory

MCITP 70-640: Group Policy Processing Order

MCITP 70-640: Group Policy Preferences

MCITP 70-640: Group Policy Software Install Demonstration

MCITP 70-640: Active Directory Accounts

MCITP 70-640: Group Policy Loopback Processing

AGDLP (Account Global Group Domain Local Permissions)