I have created a test domain with one server (windows server 2008r2) running active directory and dns, and one client that is in the domain(windows 7 enterprise)
I have created a new user, John Andrews, and added him to the Domain Admin [Global Group] and then Domain Admin's is a member of Administrators [Domain Local Group].
Now my understanding was that you in theory use the Global Groups for users, and the Domain Local groups for resources. So for example if your usinging the built in groups, you would assign your Admin users to the Domain Admins global group, and then any folder or object that had the Administrators domain local group in it's permissions, would be accessable to your Admins users, because Domain Admins is a member of the domain local group Administrators.
On the server, while logged in as John Andrews I then created a new 10GB partition, H:, to make as a file share. The permissions of this partition have the Administrators domain local group as a member with Full Control.
I then created a new folder in this partition called LanAdmin. The folder creates fine, but then when I try to open it, I get a dialog that I do not have permission. When I check the Security permissions, it again says that I do not have the administrative permission, however I can still hit continue to view the permissions. And in the security list is the Administrators domain local group with Full control selected.
I do not understand why I do not have permissions to this folder, even as I just created it. Am I not correct about how a user in the global group has access to resources of a domain local group that the users global group is a member of?
What am I missing here about how the permissions work?