Domain Global vs. Domain Local?

[Ben Samuals]

I have read and understand the operational diffenence between these two
group types. My question is why does it seem that updates to the Domain
global do not become available immediately when used for the file system
resource security? Has anyone seen this type of behavior?

thx,

 

[Jerold Schulman]

I have read and understand the operational diffenence between these two
group types. My question is why does it seem that updates to the Domain
global do not become available immediately when used for the file system
resource security? Has anyone seen this type of behavior?

thx,

If you have multiple domain controllers, they must replicate.

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

 

[Dean Wells [MVP]]

I have read and understand the operational diffenence between these
two group types. My question is why does it seem that updates to the
Domain global do not become available immediately when used for the
file system resource security? Has anyone seen this type of behavior?

thx,

When you say updates do not become available, are you referring to
adding a user to a Global Group whilst they remain logged on? In
addition, you seem to be implying that performing an equivalent action
using Domain Local groups functions immediately, please clarify.

Dean

 

[Ben Samuals]

Dean, what we have seen is when we use domain global's they don't really
take effect immediately. When we use domain locals they do. By this I mean
if I create a domain global and put bobby mac in it, then add it to a
resource (directory) bobby mac wont be able to access the resource
immediately. It usually takes 24 hours or so. At least that is what we are
seeing...

I have read and understand the operational diffenence between these
two group types. My question is why does it seem that updates to the
Domain global do not become available immediately when used for the
file system resource security? Has anyone seen this type of behavior?

thx,

When you say updates do not become available, are you referring to
adding a user to a Global Group whilst they remain logged on? In
addition, you seem to be implying that performing an equivalent action
using Domain Local groups functions immediately, please clarify.

Dean

--
Dean Wells [MVP / Windows platform]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l

 

[Dean Wells [MVP]]

Dean, what we have seen is when we use domain global's they don't
really take effect immediately. When we use domain locals they do. By
this I mean if I create a domain global and put bobby mac in it, then
add it to a resource (directory) bobby mac wont be able to access the
resource immediately. It usually takes 24 hours or so. At least that
is what we are seeing...

I have read and understand the operational diffenence between these
two group types. My question is why does it seem that updates to the
Domain global do not become available immediately when used for the
file system resource security? Has anyone seen this type of
behavior?

thx,

When you say updates do not become available, are you referring to
adding a user to a Global Group whilst they remain logged on? In
addition, you seem to be implying that performing an equivalent
action using Domain Local groups functions immediately, please
clarify.

Dean

--
Dean Wells [MVP / Windows platform]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l

Per your scenario, is Bobby Mac logged on at the time?

 

[Ben Samuals]

He might be, but when we add him to another group we have him log off, then
back on.

Dean, what we have seen is when we use domain global's they don't
really take effect immediately. When we use domain locals they do. By
this I mean if I create a domain global and put bobby mac in it, then
add it to a resource (directory) bobby mac wont be able to access the
resource immediately. It usually takes 24 hours or so. At least that
is what we are seeing...

Ben Samuals wrote:
I have read and understand the operational diffenence between these
two group types. My question is why does it seem that updates to the
Domain global do not become available immediately when used for the
file system resource security? Has anyone seen this type of
behavior?

thx,

When you say updates do not become available, are you referring to
adding a user to a Global Group whilst they remain logged on? In
addition, you seem to be implying that performing an equivalent
action using Domain Local groups functions immediately, please
clarify.

Dean

--
Dean Wells [MVP / Windows platform]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l

Per your scenario, is Bobby Mac logged on at the time?

--
Dean Wells [MVP / Windows platform]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l

 

[Dean Wells [MVP]]

He might be, but when we add him to another group we have him log
off, then back on.

Please describe your AD structure; # of DCs, # of domains, # of sites,
server/DC/client OS versions.

 

[Joe Richards [MVP]]

My guess is that you are not allowing time for replication before logging off and logging on.

Check the user's security token with whoami /groups or sectok (from www.joeware.net) after they have logged off and on
to verify that the token contains the group specified.