These details are essential for a system administrator. By knowing these groups you can manage server infrastructure to ensure server-level security and rights management.
Administrators - Built-in account for administering the computer/domain controllers.
RODC Password Replication Group - Members in this group can have their passwords replicated to all read-only domain controllers in the domain.
Cert Publishers - Members of this group are permitted to publish certificates to Active Directory at the forest level as well as the domain level.
Denied RODC Password Replication Group - Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain.
Dns Admins - Members of this group have administrator access to the DNS Server service.
Dns Update Proxy - Members of this group are DNS clients that are permitted to perform dynamic updates on behalf of other clients.
Domain Admins - User accounts that are members of this group are domain administrators, but they cannot work at the forest level. They have full administrative control only within their particular domain.
Domain Computers - By default, any server, workstation or other computer joined to the domain becomes a member of this group.
Domain Controllers - This group contains the list of all domain controllers.
Domain Guests - List of domain guests.
Domain Users - Any user created in the domain becomes a member of this group by default. This group represents all users in the domain.
Enterprise Admins - Members of this group have full access to all domains in the forest. By default, this group is a member of the Administrators group on all domain controllers. It can be thought of as the super-admins group.
Enterprise Read-only Domain Controllers - Members of this group are read-only domain controllers in the enterprise, that is, forest-level read-only domain controllers.
Group Policy Creator Owners - Members in this group can modify Group Policy for the domain, so users can be added to this group to allow them to modify Group Policy for the domain.
RAS and IAS Servers - Servers in this group can access remote access properties of users.
Read-only Domain Controllers - Members of this group are read-only domain controllers in the domain. Workstations and servers added to this group become read-only domain controllers.
Schema Admins - Designated administrators of the schema, so members of this group can modify the Active Directory schema.