Global & Domain Local Groups

Ryan Stewart · May 21, 2004

Aside from determining what objects can be members, are there any
differences between domain local and global groups?

In a single domain environment (w2k native) , is there any potential
problems with using global groups to assign access to resources at the
file level? (Aside from violating the almighty AGDLP doctrine)

Thanks, Can give more info if necessary...

Paul Bergson {MCT, MCSE} · May 21, 2004

If you will always be in a single domain forest, it is of no consequence. I
used to work for a company of 55,000 people. They used global groups for
all grouping and permission assignment.

Go ahead.

Joe Richards [MVP] · May 21, 2004

Nope, in that specific case you can use global groups or domain local groups.
The AGDLP (or alternatively UGLY) doctrine really isn't something I ever pay
attention to as it is silly unless you are doing roles with global groups and
resource permissioning at the LG level.

If you ever consider having another domain, seriously consider using domain
local groups for permissioning files.

joe

Global & Domain Local Groups

Ryan Stewart

Paul Bergson {MCT, MCSE}

Joe Richards [MVP]