Which group scopes are defined by Active Directory?

Active Directory defines three primary group scopes that dictate how groups can be used and which users can be members of those groups. The correct group scopes are Universal, Global, and Domain Local.

Universal groups can include users from any domain within the forest and can be assigned permissions in any domain. This flexibility makes Universal groups particularly useful for organizing users who require the same permissions across multiple domains.

Global groups, on the other hand, are limited to members from a single domain but can also be assigned permissions in any domain. This means they are often used to group users who share similar job functions within that specific domain.

Domain Local groups are designed for managing permissions within a single domain, allowing for members from any domain but restricting their permissions to resources within the domain where the group is defined. This feature is beneficial for organizing access to domain-specific resources while providing flexibility in membership.

The other provided options include terms that do not accurately reflect the scopes defined by Active Directory. For instance, mentioning "Local User" or confusingly combining group types does not align with the established definitions and roles of these group scopes in managing permissions and user organization within Active Directory.