This article explains the priority of AD Local Security Group and AD User Group.
In short, the AD Local Security Group has priority over the AD User Group.
- You have two Group Policies created.
- Policy 1 – That is linked with AD Local Security Group ActiveD 1 (This is where all the machines and resources are added)
- Policy 2 – That is linked with AD User Group ActiveD2 (This is where all the user accounts are added)
2. Since a machine CAN be added to both groups, ActiveD 1 and ActiveD 2, you need to take in consideration that AD Local Security Group ActiveD 1 has the priority over the ActiveD 2 group even if the Policy 2 is above Policy 1.
That means that if the Policy 1 has a different configuration then Policy 2, the machine that is found in both of the AD groups will take the set-up from the ActiveD 1.
*Our recommendation is not to have the machine added to both AD Groups so that the confusion would be eliminated.
** If you have a nested type of active directory, please know that, if you apply the group policy to the mother folder, it won't be applied automatically to its subfolders.
If you want to apply the group policy to a specific subfolder of your nested active directory, you have to set the name of the subfolder in the AD Local Security Groups or Ad User groups. (this subfolder must not have other subfolders as well in order to work)