Overview#

Microsoft Active Directory uses GroupType as a Bitmask that define the type and scope of a group object in Active Directory Groups.

NOTE: pagename only applies to the default group ObjectClass Type Group.

Possible Values#

INTHexDescription
00x00000000MSDN says it could be 0 but not what "0" is.
10x00000001Specifies a group that is created by the system.
20x00000002Specifies a group with Global Group.
40x00000004Specifies a group with Domain Local Group.
80x00000008Specifies a group with Universal Group.
160x00000010Specifies an APP_BASIC group for Windows Server Authorization Manager.
320x00000020Specifies an APP_QUERY group for Windows Server Authorization Manager.
21474836480x80000000Specifies a Security Group. If this bit is not set, then the group is a Distribution Group.

In case you’re interested, the values 2 - (Global Group) , 4 - (Domain Local Group), and 8 (Universal Group). The value -2147483648 identifies Security Groups.

To determine the full GroupType you add the first number (2, 4, or 8) to the second number:

A Domain Local Distribution Group has a value of 4 (4 + 0); a Domain Local Security Group has a value of -2147483644 (4 + -2147483648).

LDAP#

From LDAP these will appear as:

In case you’re interested, the values 2, 4, and 8 identify – respectively – global, domain local, and universal groups. The value -2147483648 identifies security groups. To determine the group type you add the first number (2, 4, or 8) to the second number (-2147483648 if the group is a security group, 0 if it’s a distribution group). A domain local distribution group has a value of 4 (4 + 0); a domain local security group has a value of -2147483644 (4 + -2147483648).

LDAP Attribute Definition#

The GroupType AttributeTypes is defined as:

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-10) was last changed on 08-Jun-2017 13:32 by jim