D
Darren
what are the diffrences amoung groups Domain Local and Domain Admin..
Thanks
Darren
Thanks
Darren
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
R
Roger Abell
Domain Local is a type of group, not a group itself.
Domain local groups can contain members from other domains.
Domain global groups by contrast can only contain as members
objects that are defined in the group's domain.
Domain admins is a group. It is a domain global group. By
default Domain Admins is a member in the Administrators group
on every machine in its domain (this is changable).
Domain local groups can contain members from other domains.
Domain global groups by contrast can only contain as members
objects that are defined in the group's domain.
Domain admins is a group. It is a domain global group. By
default Domain Admins is a member in the Administrators group
on every machine in its domain (this is changable).
D
Darren
Thanks . Roger
Just want to make sure I understand the diffrences . I am just curious to
know whats the use of Domain local group and when would you use domain local
groups perhaps some examples..
Are there articles on Microsoft site that explain group membership usage and
best practises etc....
Thanks
Darren
Just want to make sure I understand the diffrences . I am just curious to
know whats the use of Domain local group and when would you use domain local
groups perhaps some examples..
Are there articles on Microsoft site that explain group membership usage and
best practises etc....
Thanks
Darren
R
Roger Abell
The best docs for comprehensive view of what is there and some
issues for usage is the resource kit. Check out
www.reskit.com
Opinions differ as to when use of domain global vs domain local
is a correct choice. Either are available for use on any machine in
the domain. They of course have potentially significant differences
in a multi-domain forest, as globals can contain only objects from
their own domain - a limitation locals do not have. The user token
contains info on all memberships of the account, and has a limited
size, and as globals have a smaller representation the token can
hold info about more group memberships is globals are used.
Those are some factors, but the pros and cons do not alway give
a clear winner as to a best practice - but again, in a single domain
forest (that will always be so) locals seem to hold little advantage,
whereas if the opposite is true globals can be a risky thing to use
directly across members of the domain (risking potential future
need to change the members).
issues for usage is the resource kit. Check out
www.reskit.com
Opinions differ as to when use of domain global vs domain local
is a correct choice. Either are available for use on any machine in
the domain. They of course have potentially significant differences
in a multi-domain forest, as globals can contain only objects from
their own domain - a limitation locals do not have. The user token
contains info on all memberships of the account, and has a limited
size, and as globals have a smaller representation the token can
hold info about more group memberships is globals are used.
Those are some factors, but the pros and cons do not alway give
a clear winner as to a best practice - but again, in a single domain
forest (that will always be so) locals seem to hold little advantage,
whereas if the opposite is true globals can be a risky thing to use
directly across members of the domain (risking potential future
need to change the members).