Different group types, which are fairly easy to understand, group scopes can be annoying to those new to functioning with Windows Server 2003 and Active Directory. The scope of the group recognizes the amount to which the group is applied all through the domain tree or forest. There are four group scopes:

Local groups

Local groups can include user accounts from the local machine, customer accounts from the domain the local machine is joined to, or consumer accounts from any trusted domains of the domain the machine is connected to. Only local groups can manage permissions for local capital (local to a single machine).

Domain local groups
Domain local groups can include other groups and user/computer accounts from Windows Server 2003, Windows 2000 Server and Windows NT areas. Permissions for only the area in which the group is distinct can be allocated to area local groups.

Global groups

Global groups can comprise other groups and consumer/computer accounts from only the area in which the group is distinct. Permissions for any area in the forest can be assigned to worldwide groups.

Universal groups

Worldwide groups can comprise other groups and consumer/computer accounts from any domain in the area tree or forest. Permissions for any area in the domain tree or forest can be allocated to worldwide groups. Universal groups are only obtainable if your domain practical level is place to Windows 2000 native mode.