Nothing really happens when you toggle that button other than an update to the groupType (IIRC that's the one) attribute. Replication is smart enough in a multi-domain environment on GCs to sync the membership into the GC's database.
Thanks,
Brian Desmond
[email protected]
w - 312.625.1438 | c - 312.731.3132

From: Free, Bob [mailto:[email protected]]
Sent: Thursday, April 12, 2012 1:38 PM
To: NT System Admin Issues
Subject: RE: Domain local vs. global vs. universal

Volumes have been written about this. There are even those who <gasp> disagree with Brian's recommendation. I'm not saying any of it is good or bad but a lot of smart folks have argued pros and cons of various methodologies over the years. You might want to read up on it a little for your own edification.

From: David Lum [mailto:[email protected]]
Sent: Thursday, April 12, 2012 11:12 AM
To: NT System Admin Issues
Subject: RE: Domain local vs. global vs. universal

So... technically what is happening when you click that little radio button to change group type Local/Global/Universal? What's happening behind the scenes? Universals get copied to GCs and others don't, but what else?

Dave

From: Brian Desmond [mailto:[email protected]]
Sent: Thursday, April 12, 2012 10:03 AM
To: NT System Admin Issues
Subject: RE: Domain local vs. global vs. universal

In a single domain forest (or even many multi-domain forests today), I would just do all uni groups.

Thanks,
Brian Desmond
[email protected]
w - 312.625.1438 | c - 312.731.3132

From: David Lum [mailto:[email protected]]
Sent: Thursday, April 12, 2012 11:28 AM
To: NT System Admin Issues
Subject: Domain local vs. global vs. universal

Today I found a global group in my AD (created by an SE that wasn't me), but for this function I needed to add a domain local group to it and of course, that's not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it's used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn't mean it's right.

Before sending a note to the SE team on this I wanted to get a consensus from you guys. Comments?

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected] with the body: unsubscribe ntsysadmin
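Added example, not part of the thread: a sketch of how the groupType value mentioned above decodes into scope and security/distribution, and why a domain local group cannot be added to a global group. The flag values are the ones Microsoft documents for groupType; the function names and sample values are constructed for illustration, and the nesting table assumes groups in one forest at a native functional level.

```python
# Added example (not from the thread). Flag values per Microsoft's documented
# groupType definition; function names here are hypothetical.
SECURITY_ENABLED = 0x80000000
SCOPES = {0x2: "global", 0x4: "domain local", 0x8: "universal"}

def decode_group_type(value):
    """Return (scope, kind) for a groupType integer as LDAP returns it."""
    bits = value & 0xFFFFFFFF  # LDAP reports the attribute as a signed 32-bit int
    scopes = [name for flag, name in SCOPES.items() if bits & flag]
    if len(scopes) != 1:
        raise ValueError(f"groupType {value} does not set exactly one scope bit")
    kind = "security" if bits & SECURITY_ENABLED else "distribution"
    return scopes[0], kind

# (container scope, member scope) -> must both groups be in the same domain?
# Pairs that are absent are never allowed. Assumes a single forest.
NESTING = {
    ("global", "global"): True,
    ("domain local", "global"): False,
    ("domain local", "universal"): False,
    ("domain local", "domain local"): True,
    ("universal", "global"): False,
    ("universal", "universal"): False,
}

def can_nest(container_type, member_type, same_domain=True):
    """True if a group with member_type may be a member of container_type."""
    container, _ = decode_group_type(container_type)
    member, _ = decode_group_type(member_type)
    needs_same_domain = NESTING.get((container, member))
    if needs_same_domain is None:
        return False
    return same_domain or not needs_same_domain

if __name__ == "__main__":
    # Constructed sample values: security groups of each scope.
    for gt in (-2147483646, -2147483644, -2147483640):
        print(gt, decode_group_type(gt))
    # The case from the thread: domain local group into a global group.
    print(can_nest(-2147483646, -2147483644))
```
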
