So if you have a mixed mode forest, what if you give perms directly to Global groups on Enterprise objects in AD and only use local groups for Domain local stuff? or are you just supposed to rely on Auth users or Everyone for stuff like that? What happens if your perms are checked against a GC? GC's don't know about members of LG or GG's. Do your perms ever get checked against a GC btw? If i have RO perms on the config nc in domA and they get rep'ed to domB, is there a chance a GC from domB would be checked for perms or is it always a local DC on port 389? Thanks. your explanation made sense. it helped a lot.
-----Original Message-----
From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED]
Sent: Mon 9/5/2005 2:45 PM
To: ActiveDir@mail.activedir.org
Cc:
Subject: RE: [ActiveDir] hide an attribute
<<winmail.dat>>
