«

Can someone explain this confusion for me? I created a global group today
to assign permissions to a resource in a different domain but it wouldn;t
work, I had to use a Domain Local group for that.

Global to me means a far reaching group with more "coverage" than a Domain
Local (local to the domain) so I assumed that to permission objects outside
a domain to use Globals.

Any ideas why the naming sounds arse about face?

Here is how i remember it.

Add users to global groups and add global groupd to domain local groups.
Give perms to Domain Local groups.


"Mark Scott" <mark-> wrote in message
news:ZEiKb.21$...
> Can someone explain this confusion for me? I created a global group
today
> to assign permissions to a resource in a different domain but it wouldn;t
> work, I had to use a Domain Local group for that.
>
> Global to me means a far reaching group with more "coverage" than a Domain
> Local (local to the domain) so I assumed that to permission objects
outside
> a domain to use Globals.
>
> Any ideas why the naming sounds arse about face?
>
>

"Mark Scott" <mark-> wrote in
news:ZEiKb.21$:

> Can someone explain this confusion for me? I created a global
> group today to assign permissions to a resource in a different
> domain but it wouldn;t work, I had to use a Domain Local group for
> that.
>
> Global to me means a far reaching group with more "coverage" than
> a Domain Local (local to the domain) so I assumed that to
> permission objects outside a domain to use Globals.
>
> Any ideas why the naming sounds arse about face?

Global Groups have global scope within a domain boundary and only
within a domain boundary.

Universal Groups extend past domain boundaries and can be used inside
(and out of) domains. This requires resources by a GC and therefore
using Universal Groups should be used sparingly according to Microsoft.

Domain Local Groups are usually used to assign permissions to groups
and or users to use a specific resource such as a printer or share.
They have scope only within that domain.

HTH,
Adam

Adam Leinss <> wrote in message news:<Xns9467A31E9AEA1aleinsstoughguynet@toughguy. net>...
> "Mark Scott" <mark-> wrote in
> news:ZEiKb.21$:
>
> > Can someone explain this confusion for me? I created a global
> > group today to assign permissions to a resource in a different
> > domain but it wouldn;t work, I had to use a Domain Local group for
> > that.
> >
> > Global to me means a far reaching group with more "coverage" than
> > a Domain Local (local to the domain) so I assumed that to
> > permission objects outside a domain to use Globals.
> >
> > Any ideas why the naming sounds arse about face?
>
> Global Groups have global scope within a domain boundary and only
> within a domain boundary.
>
> Universal Groups extend past domain boundaries and can be used inside
> (and out of) domains. This requires resources by a GC and therefore
> using Universal Groups should be used sparingly according to Microsoft.
>
> Domain Local Groups are usually used to assign permissions to groups
> and or users to use a specific resource such as a printer or share.
> They have scope only within that domain.

I should clarify that Universal and Global Groups can be assigned
permissions in any domain. However, Global Groups can only contain
members from within its own domain. Domain Local Groups can only
contain members for its domain and cannot be assigned permissions in
other domains.

Adam

/************************************************** ******
Domain Local Groups can only
contain members for its domain and cannot be assigned permissions in
other domains.
************************************************** ******/

I think this is not true.

The difference between group is made by two things: membership and scope.


Membership Scope

- DLG User and group from same Forest Same domain

- GG Same Domain Forest

- UG User and group from same Forest Forest

Furthermore the use of DLG depend on the domain's mode: mixed-mode (same as WinNT domain) and native-mode (the DLG is visible (the scope is enlarged also for the member servers and workstations).

Ciao
Leone

[learnersenju]

Global Group:

Members of Global Group can come only from local domain but members can access resources in any domain.

Domain Local Group:

Members of Local Group can come from any domain but members can access resources only in local domain.

Universal Group:

Members can come from any domain and members can access resource in any domain.

Hope this helps!