Synology SA3400 Synology Directory Server Administrator s Guide for DSM 7.1 - Page 27

Add a Group, Group Name, Description

Get Synology SA3400 PDF manuals and user guides View all Synology SA3400 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 27 highlights

Chapter 4: Manage Domain Objects Group Name Description Allow RODC Password Replication Group Members of this group can replicate their passwords to all RODCs in the domain. Cert Publishers Members of this group are given privileges to certificate publishing. Denied RODC Password Members of this group cannot replicate their passwords to any Replication Group RODCs in the domain. DnsAdmins Members of this group can access DNS in the domain. DnsUpdateProxy Members of this group are DNS clients who are permitted to perform dynamic updates on behalf of some other clients (such as DHCP servers). Domain Admins Members of this group have administrative privileges to control all objects and settings in the domain. Domain Computers All workstations and servers are included in this group by default. Domain Controllers All DCs are included in this group by default. Domain Guests All domain guests are included in this group by default. Domain Users All domain users are included in this group by default. Enterprise Admins Members of this group have administrative privileges to control all objects and settings in the entire enterprise's domain structure. Enterprise Read-Only Domain Controllers All RODCs in the entire enterprise's domain structure are included in this group by default. Group Policy Creator Owners Members of this group can modify group policies for the domain. RAS and IAS Servers Members of this group are allowed to use remote access services. Read-Only Domain Controllers All RODCs are included in this group by default. Schema Admins Members of this group can make changes to the domain schema. Note: • Synology Directory Server aligns with the functional level of Windows Server 2008 R2. Refer to this article for more information on the built-in domain groups. Add a Group 1. On a RWDC, go to the Users & Computers page and click Add > Group. 2. Enter the group information and click Next: • Group Scope • Domain local: Domain local groups are used for assigning permissions to resources in their home domain. This group type can nest other domain local groups in the same 24

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
24
Chapter 4: Manage Domain Objects
Group Name
Description
Allow RODC Password
Replication Group
Members of this group can replicate their passwords to all
RODCs in the domain.
Cert Publishers
Members of this group are given privileges to certificate
publishing.
Denied RODC Password
Replication Group
Members of this group cannot replicate their passwords to any
RODCs in the domain.
DnsAdmins
Members of this group can access DNS in the domain.
DnsUpdateProxy
Members of this group are DNS clients who are permitted to
perform dynamic updates on behalf of some other clients (such
as DHCP servers).
Domain Admins
Members of this group have administrative privileges to control
all objects and settings in the domain.
Domain Computers
All workstations and servers are included in this group by default.
Domain Controllers
All DCs are included in this group by default.
Domain Guests
All domain guests are included in this group by default.
Domain Users
All domain users are included in this group by default.
Enterprise Admins
Members of this group have administrative privileges to control
all objects and settings in the entire enterprise's domain
structure.
Enterprise Read-Only
Domain Controllers
All RODCs in the entire enterprise's domain structure are
included in this group by default.
Group Policy Creator
Owners
Members of this group can modify group policies for the domain.
RAS and IAS Servers
Members of this group are allowed to use remote access
services.
Read-Only Domain
Controllers
All RODCs are included in this group by default.
Schema Admins
Members of this group can make changes to the domain
schema.
Note:
• Synology Directory Server aligns with the functional level of Windows Server 2008 R2.
Refer to
this article
for more information on the built-in domain groups.
Add a Group
1. On a RWDC, go to the
Users & Computers
page and click
Add
>
Group
.
2. Enter the group information and click
Next
:
Group Scope
Domain local
: Domain local groups are used for assigning permissions to resources in
their home domain. This group type can nest other domain local groups in the same