
close
close
Chance to win $250 in Petri 2023 Audience Survey
If you recall from the first installment in my managing Active Directory Local Group article series, using the first setting (“Members of this group”) option in GPO’s Restricted Groups settings controls the membership of a specified group. Although it’s very useful in setting the exact members of any given group, this means that whatever members are configured in that group, this is exactly what you will see when you look at the group’s members. This type of strict control may not be always useful, because you must always explicitly specify group members.
Managing Local Active Directory Groups Article Series
The second setting option called “This group is a member of” controls which groups the specified group will become a member of, and it allows more flexibility because of the way it works. With this option, you can control which other groups the specified group will be added to.
Note: When you use this method, you must adhere to the known group nesting rules.
Important: Because this option adds only groups to other groups, you cannot use it to add individual users to groups. If you want to add one user to one or more groups, then you need to create a group, add the user to the group, and then specify it in the Restricted Groups setting. If that group is empty, it will still be added to the target group. Because of standard group processing, once a user is added to it in the future, the user will receive relevant group membership after logging on.
Important: If you configure this setting and leave the “This group is a member of” list blank, the setting will not remove the specified group from any existing groups. This allows you more flexibility in your configuration.
1. To configure this option, create a new Restricted Group. If you need instructions on how to do this, then please refer to the first article in this series.
Note: Don’t forget that you need to use a GPO that is linked to the OU, which contains the computer objects that you want to be affected by the GPO.
Adding a group in the Group Policy Management Editor. (Image Credit: Daniel Petri)
Adding a sample group to a local group. (Image Credit: Daniel Petri)
The group was successfully added to the local group on the member server. (Image Credit: Daniel Petri)
More in Active Directory
Microsoft Releases Update to Streamline Exchange Online License Assignments
Jan 24, 2023 | Rabia Noureen
How to Export Active Directory Users to CSV With PowerShell and ADUC
Jan 23, 2023 | Michael Reinders
ManageEngine ADSelfService Plus: Protect On-Premises and Cloud Services from Password Attacks with Multi-factor Authentication
Jan 12, 2023 | Michael Reinders
Microsoft 365 to Launch New $1.99/Month Basic Subscription with 100 GB of OneDrive Storage
Jan 11, 2023 | Rabia Noureen
Most popular on petri