Mastering Active Directory groups can streamline management, pave way for automation

On the surface, Active Directory groups are a simple and straightforward way to manage identities (users and/or computers) and assign permissions. Users or computers are added as group members, and the group is referenced in access control lists (ACL) on file shares, mailboxes, applications, or other corporate resources. But experienced admins know that this simplicity quickly goes out the window as environments scale. As group memberships grow, management of memberships becomes increasingly complex. Over the years, Microsoft and others have developed best practices for managing groups and permissions in an Active Directory environment. These strategies are something of a lost art, but there’s value to be gained by leveraging these layers of sophistication. To read this article in full, please click here
http://dlvr.it/Sd6mfy