Single Forest and three domains

  • Thread starter Thread starter JPaul
  • Start date Start date
J

JPaul

Do I use Global group or universla group in this instance - I want a certain
group to be part of all the domains in the single forest. thanks.
 
JPaul said:
Do I use Global group or universla group in this instance - I want a
certain
group to be part of all the domains in the single forest. thanks.
Click to expand...

Hello Jpaul,

This has not directly anything to do with the GC.

Remember, Domain lokal groups can contain members of every domain, but
assign rights only to the same domain.

Global Groups can contain members of the same domain, but are able to
be assigned to any domain in the forest or trusted domains.

Universion Groups can contain any membery of any domain and assign them
to ressources in any domain.

Universial Grops are somewhat stored in GC. But if you don't have a
WS3k3 Native Forest they have a physical limit of about 5k members.

--
Gruesse - Sincerely,

Ulf B. Simon-Weidner

MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
WebSite: http://www.windowsserverfaq.org
 
Further to Ulf's message best practice would be to create global groups in
each domain containing that local domains users then place the global groups
into a universal group thus cutting down data stored in the GC and
minimizing replication traffic if group memberships change (although in
2003.

John

John Savill MCSE MVP
(e-mail address removed)
 
JPaul said:
Do I use Global group or universla group in this instance - I want a certain
group to be part of all the domains in the single forest. thanks.
Click to expand...

"part of all the domains" in a single forest? There is no way
to do (precisely) that.

You could in theory put a global group inside of every other
group -- but I seriously doubt that is what you want.

You might wish to have a group with the same Name in
every domain, but that is just a matter of creating it in each
domain (and it will NOT be the "same" group.)

Perhaps you wish a group that contains users (etc.) from all
over the Forest?

In that case it must NOT be a "Global" group -- Globals can
only contain objects from the SAME domain (as the group).

In this latter case you will use a Universal, to contain Globals
from each domain (best practice.)
[/QUOTE]
 
Back
Top