
Thread: Global Group or Universal Group

  1. #1
    Join Date
    Jan 2009
    Posts
    145

    Global Group or Universal Group

    Hello,

    What is the difference between Global and Universal groups?
    If someone could explain it in an easy way it would be great. Let's say that I have a couple of domains within 1 site: do I really benefit if I create a universal group, or is it much better used when you have multiple sites?

    Also, when a user tries to log on, does it contact the DC or the GC server? I read that in the case of Universal groups a GC server has to be contacted.

  2. #2
    Join Date
    Sep 2005
    Posts
    226

    Re: Global Group or Universal Group

    A domain local group is a security or distribution group that can contain universal groups, global groups, other domain local groups from its own domain, and accounts from any domain in the forest. A global group is a group that can be used in its own domain, in member servers and in workstations of the domain, and in trusting domains. For more information visit this page - http://support.microsoft.com/kb/884417

  3. #3
    Join Date
    Aug 2005
    Posts
    822

    Re: Global Group or Universal Group

    Also, if the GC is not available, then it won't be able to enumerate Universal group memberships, and will deny the logon request, because there is a possibility that the user might be a part of a universal group that has been denied to a resource, and hence the system will not allow the logon.

  4. #4
    Join Date
    Jan 2009
    Posts
    145

    Re: Global Group or Universal Group

    So if I understood correctly, if I want to give access to a particular folder within the network I can just create a single universal group with many global groups from different domains nested inside, and on the folder sharing option just give a single permission for the universal group instead of a permission for each and every global group.

    When Marcin said "The membership is replicated across the forest (as part of GC replication)", what did he mean exactly? If I check on the other domain controllers I do not find the universal group that I have created. Some of the other domain controllers are also GC servers, but in the domain and users list the universal group still is not there.

    Thank you for your help

  5. #5
    Join Date
    Oct 2005
    Posts
    449

    Re: Global Group or Universal Group

    When you follow the AGUDLP guideline, you will have to first create a Domain Local Group, add it to the resource and assign permissions. After that you need to add the Global groups from any domain or any universal groups. Also, I didn't understand you when you checked other domain controllers. Have you tried to check ADUC, and are you saying that the Universal group does not exist?

  6. #6
    Join Date
    Jan 2009
    Posts
    145
    FFL is Windows Server 2008

    I was wrong, since I thought that if I created a Universal Group in 1 domain it would show up automatically in the ADUC list of all other domains.

    Now thanks to you I understood the AGUDLP guideline. May I ask: if I have a small network environment, can I avoid using Universal groups altogether and just place global groups into a domain local group and assign permission to it only, and would it work the same?
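
The AGUDLP nesting described in post #5, written out as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module, two domains in one forest, and that the ACL step runs on the file server; all domain names, OU paths, group names, account names and the folder path are constructed placeholders.

```powershell
# Added example of AGUDLP: Accounts -> Global -> Universal -> Domain Local -> Permission.
# Every name and path below is a constructed placeholder; adjust to your forest.
Import-Module ActiveDirectory

$domA   = 'a.corp.example'        # account domain A (placeholder)
$domB   = 'b.corp.example'        # account domain B (placeholder)
$resDom = $domA                   # domain that hosts the file server
$folder = 'D:\Shares\Finance'     # existing folder to protect (placeholder)

# G: one global group per account domain. A global group only holds members
# from its own domain, so each domain gets its own.
$ggA = New-ADGroup -Name 'GG-Finance-A' -GroupScope Global -GroupCategory Security `
    -Path 'OU=Groups,DC=a,DC=corp,DC=example' -Server $domA -PassThru
$ggB = New-ADGroup -Name 'GG-Finance-B' -GroupScope Global -GroupCategory Security `
    -Path 'OU=Groups,DC=b,DC=corp,DC=example' -Server $domB -PassThru

# A: accounts go into the global group of their own domain
# ('alice' and 'bob' are assumed to exist in the respective domains).
Add-ADGroupMember -Identity $ggA -Members 'alice' -Server $domA
Add-ADGroupMember -Identity $ggB -Members 'bob'   -Server $domB

# U: one universal group collects the global groups from every domain.
$ug = New-ADGroup -Name 'UG-Finance' -GroupScope Universal -GroupCategory Security `
    -Path 'OU=Groups,DC=a,DC=corp,DC=example' -Server $resDom -PassThru
Add-ADGroupMember -Identity $ug -Members $ggA, $ggB -Server $resDom

# DL: the domain local group lives in the resource domain and is the only
# principal that will appear on the folder's ACL.
$dl = New-ADGroup -Name 'DL-Finance-Modify' -GroupScope DomainLocal -GroupCategory Security `
    -Path 'OU=Groups,DC=a,DC=corp,DC=example' -Server $resDom -PassThru
Add-ADGroupMember -Identity $dl -Members $ug -Server $resDom

# P: a single access rule for the domain local group, referenced by SID so the
# entry does not depend on name resolution.
$acl  = Get-Acl -Path $folder
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $dl.SID, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Check each layer of the chain: DL should list UG, UG should list both GGs.
Get-ADGroup -Identity $dl -Properties member -Server $resDom |
    Select-Object Name, GroupScope, member
Get-ADGroup -Identity $ug -Properties member -Server $resDom |
    Select-Object Name, GroupScope, member
# The ACL should now carry one entry for DL-Finance-Modify and none for UG or GG.
(Get-Acl -Path $folder).Access | Select-Object IdentityReference, FileSystemRights
```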
