Microsoft’s Active Directory is the core of any Windows Based Domain as it provides authentication, structure, access, and so much more to users and machines on the network. To successfully manage and maintain Active Directory it’s important to understand the structure and default groups that Active Directory is built upon.
Check out this very useful link to a list of Default Active Directory Groups and their roles/privileges within a Windows Based Domain: https://technet.microsoft.com/en-us/library/cc756898(v=ws.10).aspx
Below I have listed 3 groups that are very often confused due to their similarity to inclusion, but are very different in terms of security:
The Authenticated Users group encompasses all users who have logged in with a username and password.
The Everyone group encompasses all users who have logged in with a password as well as built-in, non-password protected accounts such as Guest and LOCAL_SERVICE.
The Domain Users group includes all user accounts in a domain. When you create a user account in a domain, it is automatically added to this group. By default, any user account that is created in the domain automatically becomes a member of this group. This group can be used to represent all users in the domain. For example, if you want all domain users to have access to a printer, you can assign permissions for the printer to this group (or add the Domain Users group to a local group on the print server that has permissions for the printer).
I hope that this short article has been found to be helpful and is a good basis to understanding the default groups within Windows Active Directory Domains.
Don’t be afraid to leave a comment below or share this on Facebook, Twitter, etc. I’m more than happy to help clear up any questions you may have!