Hi all, hoping I could get some input how to stick to the best practice AGDLP nesting strategy while meeting the specific needs of my users/departments.
I have a network share for our Marketing department. Following AGDLP, I have put my Marketing users in a Global group called G_Marketing, I then put that group in a Domain Local group called DL_MRKShareModify, and I have assigned the appropriate share/NTFS permissions to the DL_MRKShareModify group on the actual shared folder. This works perfectly if ALL of my Marketing users should have access to the share, but in reality, only a select few Marketing users should have access to the share.
What is the best way to set this up while also sticking to the AGDLP best practice?