These details are essential for a system administrator. By knowing these groups, you can manage server infrastructure to ensure server-level security and rights management.
Administrators - Built-in account for administering the computer/domain controllers.
RODC Password Replication Group - Members in this group can have their passwords replicated to all read-only domain controllers in the domain.
Cert Publishers - Members of this group are permitted to publish certificates to Active Directory at the forest level as well as the domain level.
Denied RODC Password Replication Group - Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain.
DnsAdmins - Members of this group have administrator access to the DNS Server service.
DnsUpdateProxy - Members of this group are DNS clients that are permitted to perform dynamic updates on behalf of other clients.
Domain Admins - User accounts that are members of this group are domain administrators, but they cannot work at the forest level. They have full administrative control only within a particular domain.
Domain Computers - By default, any server, workstation, or computer joined to the domain becomes a member of this group.
Domain Controllers - You can find the list of all domain controllers in this group.
Domain Guests - List of domain guests.
Domain Users - Any user created in the domain becomes a member of this group by default. This group represents all users in the domain.
Enterprise Admins - Members of this group have full access to all domains in the forest. By default, this group is a member of the Administrators group on all domain controllers. We can call it the super admins group.
Enterprise Read-only Domain Controllers - Members of this group are read-only domain controllers in the enterprise, that is, forest-level read-only domain controllers.
Group Policy Creator Owners - Members in this group can modify Group Policy for the domain, so we can add users to this group to allow them to modify Group Policy for the domain.
RAS and IAS Servers - Servers in this group can access remote access properties of users.
Read-only Domain Controllers - Members of this group are read-only domain controllers in the domain. Workstations and servers added to this group become read-only domain controllers.
Schema Admins - Designated administrators of the schema; members of this group can modify the Active Directory schema.
Below is the reference screenshot where you can see all the default users created in Active Directory.