Goodness gratious Todd, the answer is always 42... Err no, the answer is
always It Depends!
I personally like LGs and DLGs, always have all the way back to say 1996 or
so. Global Groups make me itch, Univeral groups make my eyes water. You
will note I wrote a command line tool for managing
In general, I would make the decision based on who needed to be allowed
access and who needed to control that access.
Assuming that you want to have a point of control to be in the domain
where the OU and groups are, then here's what I'd do.
Admins can only be from the same domain as the OU: use
3:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Domain Local Group vs Global Security Group for
Delegated Permissions in AD
In general, I would make the decision based on who needed to be allowed
access and who needed to control that access.
Assuming that you want to have
They can be used to assign permissions to any object within the domain in
which it exists.
In NT4 terms, it's the rough equivilent of making an identical local group
on each box throughout the domain.
--
Roger D. Seielstad - MTS MCSE
AS long as you are in Native Mode. In mixed mode they are the same as
NT 4 domain controller based local groups
-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 9:11 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Domain Local
]
Sent: Wednesday, June 18, 2003 9:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Domain Local Group
AS long as you are in Native Mode. In mixed mode they are
the same as NT 4 domain controller based local groups
-Original Message-
From: Roger Seielstad [mailto
In mixed mode, Domain Local Groups have scope only on Domain Controllers
like with NT4. In Native mode, any machine in the domain can use the
groups.
What exactly can they be used for? Can I create a DLG and add global
groups and assign permissions? Can I assign sql2000 permissons
O Ok. Thanks!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2003 3:36 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Domain Local Group
In mixed mode, Domain Local Groups have scope only on Domain Controllers
like with NT4
