3.1.4.2.1 ActiveDirectoryGroup
The GroupScope element is populated from the group!groupType ([MS-ADTS] section 2.2.12), according to the table that follows. If group!groupType is not set, cannot be read, or does not contain one of the values listed in the table that follows, the GroupScope element SHOULD be populated with Unknown.<16>
|
groupType contains (Symbolic name [MS-ADTS]) |
Value of GroupScope element |
Group scope |
|---|---|---|
|
GROUP_TYPE_BUILTIN_LOCAL_GROUP |
DomainLocal |
The group membership is in a domain local group. |
|
GROUP_TYPE_RESOURCE_GROUP |
DomainLocal |
The group membership is in a domain local group. |
|
GROUP_TYPE_ACCOUNT_GROUP |
Global |
The group membership is in a global group. |
|
GROUP_TYPE_UNIVERSAL_GROUP |
Universal |
The group membership is in a universal group. |
The GroupType element is populated from the group!groupType flag GROUP_TYPE_SECURITY_ENABLED ([MS-ADTS] section 2.2.12), according to the following table. If group!groupType is not set or cannot be read, the GroupType element SHOULD be populated with Unknown.<17>
|
GROUP_TYPE_SECURITY_ENABLED |
Value of GroupType Element |
Meaning |
|---|---|---|
|
Zero |
Distribution |
The group does not represent a group of security principals. |
|
One |
Security |
The group represents a group of security principals. |