| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 22635 | 2002-07-26 05:53:00 | nt domain local groups | mutts (790) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 65563 | 2002-07-26 05:53:00 | still using nt domain controller, however have 2k pc's starting to be added, no biggy. BUT unable to use the local groups created on the domain controller on the 2k machines (permissions for sharing etc...) can see global groups and local users from the domain but need to be able to see local groups when giving permissions on the 2000 pc's any ideas? |
mutts (790) | ||
| 65564 | 2002-07-26 06:54:00 | Are the 2000 Pro machines Domain Members? | BIFF (1) | ||
| 65565 | 2002-07-26 07:07:00 | users are assigned to Global groups You add the local groups to a global group and assign the global groups to the users The local group provides local access to a shared resource and the global group distributes it as required |
Marty2001 (421) | ||
| 65566 | 2002-07-26 08:26:00 | Local groups, from memory, are for larger networks. Global groups are for smaller ones. Never made sense when I did the exam. robo. |
robo (205) | ||
| 65567 | 2002-07-26 08:36:00 | I was slightly wrong You add the global groups to the local groups which is the confusing part at first eg: ctdp.tripod.com |
Marty2001 (421) | ||
| 65568 | 2002-07-27 05:36:00 | Not sure about NT as I have started with Win2k ... but in Win2k U-G-L-R applies. That is : (U)sers go into global groups - (G)lobal groups go into domain local groups - domain (L)ocal groups are used to apply permissions to (R)esources ... | jpreou (1217) | ||
| 65569 | 2002-07-28 22:27:00 | ok, to save confusion A is primary domain (nt), holds all of the user accounts B is the sub domain (nt), holds all of the pc accounts imagine a dinner plate with 6 potatoes on it, the plate is domain A, potatoes are sub domains B,C,D etc... resources are shared via local groups on domain B e.g. area1, area2 etc.... with the A Domain as members in these groups. unable to add the resources to A domain due to restrictions in place eg would put us over the MS (bill gates) limit of 10 000, names per domain) win 2k only registers local groups as the local machine not domain local groups. this is what we need to overcome. and yes the win2k machines are members of domain B and cannot be added under domain A |
mutts (790) | ||
| 65570 | 2002-07-29 00:10:00 | Set up trust relationships between the domain controllers. I get the impression the primary domain is on the PDC and the child domains are on either standalone servers or BDCs. Given that NT 4 Server trust relationships are explicit - that if domain A trusts domain B and domain B trusts domain C, then domain A does NOT trust domain C, you may want to upgrade to 2k Server. Trusts are also one-way and require significant planning. Yes - for a "two-way" trust you need to create two one-way trusts. 2k server trust relationships are implicit - that if domain A trusts domain B and domain B trusts domain C, then domain A DOES trust domain C. Also, trusts are two-way |
Merlin (503) | ||
| 65571 | 2002-07-29 00:13:00 | More to that - if you decide to explore upgrading, given your area of employment, you may find Advanced Server more suitable. | Merlin (503) | ||
| 65572 | 2002-07-29 01:20:00 | thanks, didn't work but thanks server upgrade later on this year, |
mutts (790) | ||
| 1 | |||||