Domain Local vs Global Groups

Discussion in 'MCSE' started by Mark Scott, Jan 5, 2004.

  1. Mark Scott

    Mark Scott Guest

    Can someone explain this confusion for me? I created a global group today
    to assign permissions to a resource in a different domain but it wouldn;t
    work, I had to use a Domain Local group for that.

    Global to me means a far reaching group with more "coverage" than a Domain
    Local (local to the domain) so I assumed that to permission objects outside
    a domain to use Globals.

    Any ideas why the naming sounds arse about face?
     
    Mark Scott, Jan 5, 2004
    #1
    1. Advertisements

  2. Mark Scott

    Lazyadmin Guest

    Here is how i remember it.

    Add users to global groups and add global groupd to domain local groups.
    Give perms to Domain Local groups.
     
    Lazyadmin, Jan 5, 2004
    #2
    1. Advertisements

  3. Mark Scott

    Adam Leinss Guest

    Global Groups have global scope within a domain boundary and only
    within a domain boundary.

    Universal Groups extend past domain boundaries and can be used inside
    (and out of) domains. This requires resources by a GC and therefore
    using Universal Groups should be used sparingly according to Microsoft.

    Domain Local Groups are usually used to assign permissions to groups
    and or users to use a specific resource such as a printer or share.
    They have scope only within that domain.

    HTH,
    Adam
     
    Adam Leinss, Jan 5, 2004
    #3
  4. Mark Scott

    Adam Leinss Guest

    I should clarify that Universal and Global Groups can be assigned
    permissions in any domain. However, Global Groups can only contain
    members from within its own domain. Domain Local Groups can only
    contain members for its domain and cannot be assigned permissions in
    other domains.

    Adam
     
    Adam Leinss, Jan 7, 2004
    #4
  5. Mark Scott

    Guest Guest

    /********************************************************
    Domain Local Groups can only
    contain members for its domain and cannot be assigned permissions in
    other domains.
    ********************************************************/

    I think this is not true.

    The difference between group is made by two things: membership and scope.


    Membership Scope

    - DLG User and group from same Forest Same domain

    - GG Same Domain Forest

    - UG User and group from same Forest Forest

    Furthermore the use of DLG depend on the domain's mode: mixed-mode (same as WinNT domain) and native-mode (the DLG is visible (the scope is enlarged also for the member servers and workstations).

    Ciao
    Leone
     
    Guest, Jan 7, 2004
    #5
  6. Mark Scott

    learnersenju

    Joined:
    Sep 13, 2009
    Messages:
    1
    Likes Received:
    0
    Group Scopes

    Global Group:

    Members of Global Group can come only from local domain but members can access resources in any domain.

    Domain Local Group:

    Members of Local Group can come from any domain but members can access resources only in local domain.

    Universal Group:

    Members can come from any domain and members can access resource in any domain.

    Hope this helps!
     
    learnersenju, Sep 13, 2009
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.