I can see this..... but you can't nest anything in a local group huh. I swear that particular point isn't in the MOAC. Thanks for researching it cause I thought for sure the guy was wrong.
Dana On 7/14/05, Nick McClure <[EMAIL PROTECTED]> wrote: > Well, Nested groups can come in handy in a large organization. > > For instance, we have a domain with two forests containing roughly 60k > user accounts and I don't know how many computers and groups. > > Say I maintain a system that is used by various departments and a total > of 1000 people need to connect to it. Well instead of me having to add > all those people to my one group. I create a group for each department > and allow them to manage the people they let in. > > So for instance I have a system called Timber, its job is to take in the > syslogs for around 200 or so servers and routers. Well these logs needs > to be accessed by people in various departments in various OUs in > various subdomains and forests. > > I have a TimberReader group, which contains some users, and some groups. > Control of the Nested groups is delegated out to the people in charge of > those departments. > > In a small domain, it doesn't do much, but in a large organization it > can be very handy. > > -----Original Message----- > From: Dana [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 14, 2005 9:11 PM > To: CF-Community > Subject: Re: one more time - universal groups > > ya, actually. Thank you. So what would you use nested groups for, do you > know? > > Dana > > On 7/14/05, Nick McClure <[EMAIL PROTECTED]> wrote: > > No, I was not able to do it. The Domain Admin group cannot have a > member > > that is not part of the same domain. > > > > It also cannot contain a group that could have a member that is not in > > the same domain. > > > > Now you can mimic the functionality by adding the user to the > Enterprise > > Admins Group in the parent domain. Or by adding the user to the > > Builtin\Administrators group in the child domain. > > > > Clear as mud? > > > > -----Original Message----- > > From: Dana [mailto:[EMAIL PROTECTED] > > Sent: Thursday, July 14, 2005 8:18 PM > > To: CF-Community > > Subject: Re: one more time - universal groups > > > > so, bottom line, you were able to add a user from the parent domain to > > the domain admins group of the child domain? Sorry to be so slow > > answering this -- I do not always have access to this setup. > > > > Dana > > > > On 7/14/05, Nick McClure <[EMAIL PROTECTED]> wrote: > > > OK, so here is what I learned. > > > > > > The Domain Admins group is a Global Group, for some reason I thought > > it was > > > a Universal Group. A global group is only able to see the local > > domain, it > > > is able to see all objects in the local domain, but only the local > > domain. > > > > > > Now, the other thing I was playing with, why does the user have to > be > > a > > > member of the Domain Admins group? Why not just make them a member > of > > the > > > Administrators Group? > > > > > > The Domain Admins group is just a global group, therefore it cannot > > see > > > Universal Groups, nor can it see people outside its domain. > > > > > > One thing I tried was to use the command prompt to change the Group > > Type of > > > the Domain Admin group to Universal, however that didn't work. > > > > > > The next thing I did was I renamed Domain Admins to Domain Admins2, > > Created > > > a new group called Domain Admins, set it to Universal, added that > > group to > > > the Builin/Administrators group, then added the user from the parent > > domain. > > > > > > > > > > -----Original Message----- > > > > From: Dana [mailto:[EMAIL PROTECTED] > > > > Sent: Wednesday, July 13, 2005 9:30 PM > > > > To: CF-Community > > > > Subject: Re: one more time - universal groups > > > > > > > > thanks :) > > > > > > > > Dana > > > > > > > > > > > > > > > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:5:164875 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/5 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:5 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.5 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
