Archived from groups: microsoft.public.win2000.active_directory (
More info?)
Not that they only have different scope, they also have different purposes.
See
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_ADgroups_3groupscopes.asp
for explanation. Generally you should use DL groups for setting permission
on resources, global and universal to group your users according to your
organizational schema. Of course there is difference between universal and
global. Universal groups are... well universal that means, that they are
visible in any domain in the forest. That is why they live in global catalog
and not in specific domain controller. If they live in GC, that means that
if you have multiple domain model, they must be fairly static as constantly
changing U groups causes GC replication around the network...
--
Regards
Matjaz Ladava, ladava.com
MCSA, MCSE, MCT
Microsoft MVP Windows Server - Directory Services
e-mail: matjaz@ladava.com, matjazl@mvps.org
"scott" <sbailey@mileslumber.com> wrote in message
news:uF5TUxKEFHA.1600@TK2MSFTNGP10.phx.gbl...
> What's the difference between a DOMAIN LOCAL, GLOBAL and UNIVERSAL group
> scope?
>
> I'm going to setup a sub domain on a Win 2003 standard edition server
> running in Win 2003 domain native mode.
>
Facebook
Twitter
Instagram