Step by Step Guide: Change the scope of a Active Directory group

Here is a step-by-step guide on how to change the scope of an Active Directory group:

1. Open the Active Directory Users and Computers console on your domain controller.
2. Navigate to the location of the group that you want to modify.
3. Right-click on the group and select “Properties”.
4. In the Properties dialog box, select the “Group Scope” tab.
5. Select the new scope that you want to assign to the group, either “Global”, “Universal”, or “Domain Local”.
6. Click “Apply” to save the changes.
7. Confirm the changes by clicking “OK”.

Here are some usage examples for changing the scope of an Active Directory group:

1. Changing from Universal to Global: Suppose you have a Universal group that was created to manage access to resources across multiple domains, but you now want to limit access to resources within a single domain. You can change the scope of the Universal group to Global to restrict its membership to users within the same domain.
2. Changing from Global to Universal: Suppose you have a Global group that needs to be shared across multiple domains within the same forest. You can change the scope of the Global group to Universal to enable its use across domains.
3. Changing from Universal to Domain Local: Suppose you have a Universal group that was created to manage access to resources across multiple domains, but you now want to limit access to resources within a single domain. You can change the scope of the Universal group to Domain Local to restrict its membership to users within the same domain.
4. Changing from Domain Local to Universal: Suppose you have a Domain Local group that needs to be shared across multiple domains within the same forest. You can change the scope of the Domain Local group to Universal to enable its use across domains.
5. Changing from Domain Local to Global: Suppose you have a Domain Local group that was created to manage access to resources within a single domain, but you now want to extend its membership to users in other domains. You can change the scope of the Domain Local group to Global to allow membership from other domains.
6. Changing from Global to Domain Local: Suppose you have a Global group that was created to manage access to resources across multiple domains, but you now want to limit access to resources within a single domain. You can change the scope of the Global group to Domain Local to restrict its membership to users within the same domain.