No announcement yet.

Security Groups

  • Filter
  • Time
  • Show
Clear All
new posts

  • Security Groups

    Ok so I get it...users need to go to Global Groups.....make global group a member of domain local group...and use domain local group to assign permissions.

    Can I skip the domain global group and just add users directly to domain local group and use it to assign permissions.

    I have multiple domains but in this cases both resources and users are in the same domain.


  • #2
    Re: Security Groups

    Yes, I believe so.

    Domain group explanation:


    • #3
      Re: Security Groups

      Wht should we not use global groups to assign permissions? Does it increase Global Catalog replication?


      • #4
        Re: Security Groups

        Nothing stopping you but it is well accepted best practice to use AGULP as your group nesting strategy. That way someone can come into your network and understand it rather than finding it is done the opposite way to the rest of the world

        From experience, having 2 levels of groups (AGdLP) makes management much, much easier -- universal groups only really have use in a multidomain environment
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd

        ** Remember to give credit where credit is due and leave reputation points where appropriate **