| Author |
Domain Local vs Global Groups
|
|
| Mark Scott 2004-01-05, 3:23 pm |
| Can someone explain this confusion for me? I created a global group today
to assign permissions to a resource in a different domain but it wouldn;t
work, I had to use a Domain Local group for that.
Global to me means a far reaching group with more "coverage" than a Domain
Local (local to the domain) so I assumed that to permission objects outside
a domain to use Globals.
Any ideas why the naming sounds arse about face?
| |
| Lazyadmin 2004-01-05, 5:23 pm |
| Here is how i remember it.
Add users to global groups and add global groupd to domain local groups.
Give perms to Domain Local groups.
"Mark Scott" <mark-scott@yonderblue.co.uk> wrote in message
news:ZEiKb.21$iI2.13@news-binary.blueyonder.co.uk...
> Can someone explain this confusion for me? I created a global group
today
> to assign permissions to a resource in a different domain but it wouldn;t
> work, I had to use a Domain Local group for that.
>
> Global to me means a far reaching group with more "coverage" than a Domain
> Local (local to the domain) so I assumed that to permission objects
outside
> a domain to use Globals.
>
> Any ideas why the naming sounds arse about face?
>
>
| |
| Adam Leinss 2004-01-05, 5:23 pm |
| "Mark Scott" <mark-scott@yonderblue.co.uk> wrote in
news:ZEiKb.21$iI2.13@news-binary.blueyonder.co.uk:
> Can someone explain this confusion for me? I created a global
> group today to assign permissions to a resource in a different
> domain but it wouldn;t work, I had to use a Domain Local group for
> that.
>
> Global to me means a far reaching group with more "coverage" than
> a Domain Local (local to the domain) so I assumed that to
> permission objects outside a domain to use Globals.
>
> Any ideas why the naming sounds arse about face?
Global Groups have global scope within a domain boundary and only
within a domain boundary.
Universal Groups extend past domain boundaries and can be used inside
(and out of) domains. This requires resources by a GC and therefore
using Universal Groups should be used sparingly according to Microsoft.
Domain Local Groups are usually used to assign permissions to groups
and or users to use a specific resource such as a printer or share.
They have scope only within that domain.
HTH,
Adam
| |
| Adam Leinss 2004-01-06, 9:23 pm |
| Adam Leinss <aleinss@toughguy.net> wrote in message news:< Xns9467A31E9AEA1aleinsstoughgu
ynet@toughguy.net>...
> "Mark Scott" <mark-scott@yonderblue.co.uk> wrote in
> news:ZEiKb.21$iI2.13@news-binary.blueyonder.co.uk:
>
>
> Global Groups have global scope within a domain boundary and only
> within a domain boundary.
>
> Universal Groups extend past domain boundaries and can be used inside
> (and out of) domains. This requires resources by a GC and therefore
> using Universal Groups should be used sparingly according to Microsoft.
>
> Domain Local Groups are usually used to assign permissions to groups
> and or users to use a specific resource such as a printer or share.
> They have scope only within that domain.
I should clarify that Universal and Global Groups can be assigned
permissions in any domain. However, Global Groups can only contain
members from within its own domain. Domain Local Groups can only
contain members for its domain and cannot be assigned permissions in
other domains.
Adam
| |
| =?Utf-8?B?TGVvbmUgUmFuZGF6em8=?= 2004-01-07, 2:24 pm |
|
/ ******************************
**************************
Domain Local Groups can only
contain members for its domain and cannot be assigned permissions in
other domains.
******************************
**************************/
I think this is not true.
The difference between group is made by two things: membership and scope.
Membership Scope
- DLG User and group from same Forest Same domain
- GG Same Domain Forest
- UG User and group from same Forest Forest
Furthermore the use of DLG depend on the domain's mode: mixed-mode (same as WinNT domain) and native-mode (the DLG is visible (the scope is enlarged also for the member servers and workstations).
Ciao
Leone
|
|
|
|