Go Back   TechArena Community > Technical Support > Computer Help > Windows Server > Active Directory
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Global Group or Universal Group

Active Directory


Reply
 
Thread Tools Search this Thread
  #1  
Old 30-08-2009
Member
 
Join Date: Jan 2009
Posts: 145
Global Group or Universal Group

Hello,

what is the difference between Global and Universal groups ?
If someone could explain it in an easy way it would be great. let's say that I have a couple of domains within 1 site do I really benefit if I create a universal group or it is much better used when you have multiple sites.

Also when a user tries to logon it contacts the DC or the GC server because I read that in the case of Universal groups a GC server has to contacted.

Reply With Quote
  #2  
Old 30-08-2009
Member
 
Join Date: Sep 2005
Posts: 226
Re: Global Group or Universal Group

A domain local group is a security or distribution group that can contain universal groups, global groups, other domain local groups from its own domain, and accounts from any domain in the forest. A global group is a group that can be used in its own domain, in member servers and in workstations of the domain, and in trusting domains. For more information visit this page - http://support.microsoft.com/kb/884417
Reply With Quote
  #3  
Old 30-08-2009
Member
 
Join Date: Aug 2005
Posts: 822
Re: Global Group or Universal Group

Also, if the GC is not available, then it wont be able to enumerate Universal group memberships, and will deny the logon request, because there is a possibility that the user might be a part of a universal group that has been denied to a resource, and hence the system will not allow the logon.
Reply With Quote
  #4  
Old 01-09-2009
Member
 
Join Date: Jan 2009
Posts: 145
Re: Global Group or Universal Group

so if I understood correct if I want to give access to a particular folder within the network I can just create a single universal group with many global groups from different domains nested inside and on the folder sharing option just give only a single permission for the universal group instead of a permission for each and every global group.

When Marcin said ; The membership is replicated across the forest (as part of GC replication) what did he meant exactly since if I check on the other domain controllers I do not find the universal group that I have created. Some of the other domain controllers are also GC servers but in the domain and users list the universal group still is not there.

Thank you for your help
Reply With Quote
  #5  
Old 01-09-2009
Member
 
Join Date: Oct 2005
Posts: 449
Re: Global Group or Universal Group

When you will follow the AGUDLP guideline, you will have to first create a Domain Local Group, add it to the resource and assign permissions. After that you need to add the Global groups from any domain or any universal groups. Also, I didnt understand you when you checked other domain controllers? Have you tried to check ADUC and you are saying that the Universal group will not exist?
Reply With Quote
  #6  
Old 01-09-2009
Member
 
Join Date: Jan 2009
Posts: 145
FFL is Windows server 2008

I was wrong since I tought that if I would create a Universal Group in 1 domain it would show itself up automatically in the ADUC list of all other domains.

Now thanks to you I undertood the AGUDLP guideline and may I ask, If I have a small network environment I can avoid using Universal groups at all and just place global groups into domain local group right and assign permission to it only and it would work the same right ?
Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Server > Active Directory
Tags: , , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Global Group or Universal Group"
Thread Thread Starter Forum Replies Last Post
How to create new group on PGP Universal Server 3.1.2 McKenzie Networking & Security 6 06-06-2011 06:51 AM
Add domain user\group to local admin group problem Landon Active Directory 3 16-10-2009 10:30 PM
Problem connecting domain directory with global group ASHER Operating Systems 3 12-10-2009 10:29 PM
VB. List the userID from group (Domain Admins set as Primary group) epremyan karapet Software Development 1 12-10-2009 08:26 PM
Adding group/user to local Admins group on all workstations? IJAYA Window 2000 Help 2 04-07-2008 07:10 AM


All times are GMT +5.5. The time now is 03:03 PM.