Domain Local Group

Domain Local Group is a type of group in a Microsoft Windows based network.

What is Domain Local Group?

A type of group in a Microsoft Windows 2000–based network. Windows 2000 uses groups to organize users or computer objects for administrative purposes. Groups can have different scopes, or levels of functionality.

The scope of a group can be a single domain, a group of domains connected by trust relationships, or the entire network.

Domain local groups are Windows 2000 groups whose scope is restricted to the specific domain in which they are defined. Domain local groups are used to provide users with access to network resources and to assign permissions to control access to these resources. Domain local groups have open membership, which means that you can add members from any domain to them.

To use a domain local group, you first determine which users have similar job responsibilities in your enterprise. Then you identify a common set of network resources in a domain that these users might need to access. Next, you create a domain local group for the users and assign the group appropriate permissions to the network resources. This procedure is called A-G-DL-P (access, group, domain local, permissions), which is a variation of the AGLP administration paradigm used in Windows NT–based networks.


If network resources within a domain are used only within the domain, you can group users in the domain using domain local groups. If your scope of resource usage is several domains linked by trust relationships, use global groups instead. If your network is a pure Windows 2000–based network and your domain controllers are running in native mode, you can use universal groups as well.