Local Groups Not Visible

A

AshiP

Hi,

I have just migrated to Active Directory from NT4. I am
currently looking after 22 Servers, two of which are
Domain Controllers. I create a Domain Global Group and a
Domain Local Group then add the Domain Global Group to the
local Group and add users to the Global Group and assign
permissions to the Local group. The problem I am having is
that I can't find the Local Group when browsing AD (say
when adding permissions to a directory). I can see the
Global Groups and the occasional Local Group.

I can see all the groups when browsing on the Domain
Controllers but not from any other servers.

Any help would be greatly apreciated.

Thanks
 
H

Herb Martin

AshiP said:
Hi,

I have just migrated to Active Directory from NT4. I am
currently looking after 22 Servers, two of which are
Domain Controllers. I create a Domain Global Group and a
Domain Local Group then add the Domain Global Group to the
local Group and add users to the Global Group and assign
permissions to the Local group. The problem I am having is
that I can't find the Local Group when browsing AD (say
when adding permissions to a directory). I can see the
Global Groups and the occasional Local Group.
Click to expand...

If you are not browsing AD directly (e.g., AD User/Computers)
then you cannot see/use "local" groups (of the domain) on non-DCs
in MIXED mode.

Mixed mode continues the NT restriction that "Local Groups"
are only usuable within the precise scope where they are created;
(Fancy way of saying "DCs for local groups of the domain" and
"on the Machine for it's own local groups.")

In Native mode, Domain Local groups are still local to the domain,
but they are then available throughout that domain, on all machines
of the same domain.
I can see all the groups when browsing on the Domain
Controllers but not from any other servers.
Click to expand...
 
J

Jerold Schulman

Hi,

I have just migrated to Active Directory from NT4. I am
currently looking after 22 Servers, two of which are
Domain Controllers. I create a Domain Global Group and a
Domain Local Group then add the Domain Global Group to the
local Group and add users to the Global Group and assign
permissions to the Local group. The problem I am having is
that I can't find the Local Group when browsing AD (say
when adding permissions to a directory). I can see the
Global Groups and the occasional Local Group.

I can see all the groups when browsing on the Domain
Controllers but not from any other servers.

Any help would be greatly apreciated.

Thanks
Click to expand...

See tip 3963 in the 'Tips & Tricks' at http://www.jsiinc.com for switching to
Native mode.

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Problem with domain local and global groups 3
Nesting groups? 5
Removing domain local groups from Wind XP local administrators gro 3
Help!!! Domain Local Groups 7
Groups in 2003 2
Universal v global. 2
Users from external forest to member server local group 1
Find all references to an AD group 2

Top