Domain Local vs Global Groups

Discussion in 'MCSE' started by Mark Scott, Jan 5, 2004.

  1. Mark Scott

    Mark Scott Guest

    Can someone explain this confusion for me? I created a global group today
    to assign permissions to a resource in a different domain but it wouldn;t
    work, I had to use a Domain Local group for that.

    Global to me means a far reaching group with more "coverage" than a Domain
    Local (local to the domain) so I assumed that to permission objects outside
    a domain to use Globals.

    Any ideas why the naming sounds arse about face?
    Mark Scott, Jan 5, 2004
    #1
    1. Advertising

  2. Mark Scott

    Lazyadmin Guest

    Here is how i remember it.

    Add users to global groups and add global groupd to domain local groups.
    Give perms to Domain Local groups.


    "Mark Scott" <> wrote in message
    news:ZEiKb.21$...
    > Can someone explain this confusion for me? I created a global group

    today
    > to assign permissions to a resource in a different domain but it wouldn;t
    > work, I had to use a Domain Local group for that.
    >
    > Global to me means a far reaching group with more "coverage" than a Domain
    > Local (local to the domain) so I assumed that to permission objects

    outside
    > a domain to use Globals.
    >
    > Any ideas why the naming sounds arse about face?
    >
    >
    Lazyadmin, Jan 5, 2004
    #2
    1. Advertising

  3. Mark Scott

    Adam Leinss Guest

    "Mark Scott" <> wrote in
    news:ZEiKb.21$:

    > Can someone explain this confusion for me? I created a global
    > group today to assign permissions to a resource in a different
    > domain but it wouldn;t work, I had to use a Domain Local group for
    > that.
    >
    > Global to me means a far reaching group with more "coverage" than
    > a Domain Local (local to the domain) so I assumed that to
    > permission objects outside a domain to use Globals.
    >
    > Any ideas why the naming sounds arse about face?


    Global Groups have global scope within a domain boundary and only
    within a domain boundary.

    Universal Groups extend past domain boundaries and can be used inside
    (and out of) domains. This requires resources by a GC and therefore
    using Universal Groups should be used sparingly according to Microsoft.

    Domain Local Groups are usually used to assign permissions to groups
    and or users to use a specific resource such as a printer or share.
    They have scope only within that domain.

    HTH,
    Adam
    Adam Leinss, Jan 5, 2004
    #3
  4. Mark Scott

    Adam Leinss Guest

    Adam Leinss <> wrote in message news:<>...
    > "Mark Scott" <> wrote in
    > news:ZEiKb.21$:
    >
    > > Can someone explain this confusion for me? I created a global
    > > group today to assign permissions to a resource in a different
    > > domain but it wouldn;t work, I had to use a Domain Local group for
    > > that.
    > >
    > > Global to me means a far reaching group with more "coverage" than
    > > a Domain Local (local to the domain) so I assumed that to
    > > permission objects outside a domain to use Globals.
    > >
    > > Any ideas why the naming sounds arse about face?

    >
    > Global Groups have global scope within a domain boundary and only
    > within a domain boundary.
    >
    > Universal Groups extend past domain boundaries and can be used inside
    > (and out of) domains. This requires resources by a GC and therefore
    > using Universal Groups should be used sparingly according to Microsoft.
    >
    > Domain Local Groups are usually used to assign permissions to groups
    > and or users to use a specific resource such as a printer or share.
    > They have scope only within that domain.


    I should clarify that Universal and Global Groups can be assigned
    permissions in any domain. However, Global Groups can only contain
    members from within its own domain. Domain Local Groups can only
    contain members for its domain and cannot be assigned permissions in
    other domains.

    Adam
    Adam Leinss, Jan 7, 2004
    #4
  5. /********************************************************
    Domain Local Groups can only
    contain members for its domain and cannot be assigned permissions in
    other domains.
    ********************************************************/

    I think this is not true.

    The difference between group is made by two things: membership and scope.


    Membership Scope

    - DLG User and group from same Forest Same domain

    - GG Same Domain Forest

    - UG User and group from same Forest Forest

    Furthermore the use of DLG depend on the domain's mode: mixed-mode (same as WinNT domain) and native-mode (the DLG is visible (the scope is enlarged also for the member servers and workstations).

    Ciao
    Leone
    =?Utf-8?B?TGVvbmUgUmFuZGF6em8=?=, Jan 7, 2004
    #5
  6. Mark Scott

    learnersenju

    Joined:
    Sep 13, 2009
    Messages:
    1
    Group Scopes

    Global Group:

    Members of Global Group can come only from local domain but members can access resources in any domain.

    Domain Local Group:

    Members of Local Group can come from any domain but members can access resources only in local domain.

    Universal Group:

    Members can come from any domain and members can access resource in any domain.

    Hope this helps!
    learnersenju, Sep 13, 2009
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Hoffa
    Replies:
    0
    Views:
    673
    Hoffa
    Oct 25, 2006
  2. Hoffa
    Replies:
    1
    Views:
    1,421
    Walter Roberson
    Oct 25, 2006
  3. ipgot
    Replies:
    0
    Views:
    468
    ipgot
    Jul 19, 2007
  4. r4ge
    Replies:
    0
    Views:
    562
  5. Limited Wisdom
    Replies:
    7
    Views:
    744
    Jonathan Roberts
    Sep 13, 2006
Loading...

Share This Page