Overview#
Microsoft Active Directory uses GroupType as a Bitmask that define the type and scope of a group object in Active Directory Groups.NOTE: pagename only applies to the default group ObjectClass Type Group.
Possible Values#
| INT | Hex | Description |
|---|---|---|
| 0 | 0x00000000 | MSDN says it could be 0 but not what "0" is. |
| 1 | 0x00000001 | Specifies a group that is created by the system. |
| 2 | 0x00000002 | Specifies a group with Global Group. |
| 4 | 0x00000004 | Specifies a group with Domain Local Group. |
| 8 | 0x00000008 | Specifies a group with Universal Group. |
| 16 | 0x00000010 | Specifies an APP_BASIC group for Windows Server Authorization Manager. |
| 32 | 0x00000020 | Specifies an APP_QUERY group for Windows Server Authorization Manager. |
| 2147483648 | 0x80000000 | Specifies a Security Group. If this bit is not set, then the group is a Distribution Group. |
In case you’re interested, the values 2 - (Global Group) , 4 - (Domain Local Group), and 8 (Universal Group). The value -2147483648 identifies Security Groups.
To determine the full GroupType you add the first number (2, 4, or 8) to the second number:
- -2147483648 if the group is a Security Groups
- 0 if the group is a Distribution Group).
LDAP#
From LDAP these will appear as:- -2147483650 - (0 + 2) - Global Group - Distribution Group
- -2147483652 - (0 + 4) - Domain Local Group - Distribution Group
- -2147483656 - (0 + 8) - Universal Group - Distribution Group
- -2147483650 - (2147483648 + 2) - Global __Security__ Group
- -2147483652 - (2147483648 + 4) - Domain Local __Security__ Group
- -2147483656 - (2147483648 + 8) - Universal __Security__ Group
In case you’re interested, the values 2, 4, and 8 identify – respectively – global, domain local, and universal groups. The value -2147483648 identifies security groups. To determine the group type you add the first number (2, 4, or 8) to the second number (-2147483648 if the group is a security group, 0 if it’s a distribution group). A domain local distribution group has a value of 4 (4 + 0); a domain local security group has a value of -2147483644 (4 + -2147483648).
LDAP Attribute Definition#
The GroupType AttributeTypes is defined as:- OID of 1.2.840.113556.1.4.750
- NAME: GroupType
- DESC:
- EQUALITY:
- ORDERING:
- SYNTAX: 2.5.5.9
- SINGLE-VALUE
- USAGE DirectoryOperation
- Used as MUST in:
