Online criminals hate us. We protect you from attacks that antivirus can't block.

AD Computer Group and AD User Group priority in Group Policy.


This article explains the priority of AD COMPUTER GROUP and AD USER GROUP.

In short, the AD COMPUTER GROUP has priority over the AD USER GROUP.


  1. You have two Group Policies created.
  • Policy 1 – That is linked with AD COMPUTER GROUP ActiveD 1 (This is where all the machines and resources are added)
  • Policy 2 – That is linked with AD USER GROUP ActiveD2 (This is where all the user accounts are added)


     2. Since a machine CAN be added to both groups, ActiveD 1 and ActiveD 2, you need to take in consideration that AD COMPUTER GROUP ActiveD 1 has the priority over the ActiveD 2 group even if the Policy 2 is above Policy 1.

That means that if the Policy 1 has a different configuration then Policy 2, the machine that is found in both of the AD groups will take the set-up from the ActiveD 1.

*Our recommendation is not to have the machine added to both AD Global Security Groups so that the confusion would be eliminated.

** If you have a nested type of active directory, please know that, if you apply the group policy to the mother folder, it won't be applied automatically to its subfolders.

If you want to apply the group policy to a specific subfolder of your nested active directory, you have to set the name of the subfolder in the AD COMPUTER GROUP or AD COMPUTER GROUP. (this subfolder must not have other subfolders as well in order to work)


Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Article is closed for comments.