In a non-bandwidth constrained environment, I wouldn't even spend any time thinking about it. Just make everything universal and go onto the next problem.
Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: David Lum [mailto:david....@nwea.org] Sent: Wednesday, April 07, 2010 12:14 PM To: NT System Admin Issues Subject: AD group types I'm trying to come up with guidelines for me Service Desk guys when creating group accounts. When to use Domain Local is easy, I'm less sure about when we should use Global vs. Universal. Distribution lists need to be Universal, but is there any reason in a mid-sized environment to use Global groups at all? I'm wondering if we can get away with just Domain Local and Universal groups. I have a good idea what the difference between the two groups are, I'm just not sure when I should use Global instead of Universal. I know Universal group info goes to the GC and there's some traffic involved, but with 2003 FF level it should be minimal. All comments welcome. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~