با سلام
AGDLP (Account > Global groups > Domain Local group > Permission) is the strategy recommended by Microsoft for providing permissions to users on network resources. When groups are created in a single domain, administrators should use the AGDLP strategy. The following steps are required to be performed for implementing the AGDLP strategy:
- Put user accounts (A) into global groups (G).
- Put the global groups into domain local groups (DL).
- Grant permissions (P) to the domain local group.
Following this strategy will reduce the burden of maintenance on administrators.