Windows server 2012 Practice Test

The correct answer is Universal. Universal groups are specifically designed to consolidate user accounts and other groups that can span multiple domains within an Active Directory forest. This capability allows for a more flexible and efficient management of resources and permissions across multiple domains, making it easier to control access for users who require permissions that extend beyond a single domain.

By using Universal groups, administrators can assign access to resources that are distributed across different domains without needing to create separate accounts or groups in each domain. This also helps in simplifying user management by allowing the inclusion of accounts from various parts of the organization into a single group, which can then be granted permissions as needed.

In contrast, Global groups are restricted to members from the same domain and are often used to assign permissions only within that domain. Domain Local groups can contain users from any domain but are restricted to assigning permissions only within the domain where the group is created. Local groups are not specific to Active Directory, as they are traditional user groups that manage local resources on a specific computer. Thus, Universal groups are essential for managing broader access across the entire forest.