Right. So even if GPO are not replicated between child domains the authentication handshake is actually forwarded all the way to the users home DC and once allowed to login the GPO applied to the user will get processed as normal as it would do when a user is logged in on a pc which is part of the same domain as the user was created...
cool cheers Joss On 2 July 2011 02:35, Michael B. Smith <[email protected]> wrote: > If you link, it links. If it doesn’t, it won’t. That isn’t any different. > **** > > ** ** > > Regards,**** > > ** ** > > Michael B. Smith**** > > Consultant and Exchange MVP**** > > http://TheEssentialExchange.com**** > > ** ** > > *From:* helpdesk UK [mailto:[email protected]] > *Sent:* Friday, July 01, 2011 5:09 PM > > *To:* NT System Admin Issues > *Subject:* Re: Single Forest multiple Child domains**** > > ** ** > > **** > > any comments !**** > > **** > > cheers**** > > Joss**** > > On 1 July 2011 10:09, helpdesk UK <[email protected]> wrote:**** > > **** > > I know we have discussed this already but I forgot to ask one question so > if once the user logs on happily using [email protected]**** > > **** > > How does the user specific GPO apply to that user i.e. the GPO in > abc.xyz.com don't get replicated between child domains i.e. > def.xyz.comcorrect ? > **** > > **** > > **** > > cheers**** > > Joss**** > > **** > > > > **** > > On 29 June 2011 07:56, helpdesk UK <[email protected]> wrote:**** > > **** > > Thank you all for responding to this email.**** > > **** > > Great help**** > > **** > > **** > > cheers**** > > Joss**** > > On 27 June 2011 22:32, Webster <[email protected]> wrote:**** > > That is no longer the acronym used.**** > > **** > > Taken from the 2008/2008 R2 AD class I have taught:**** > > **** > > Single-domain forest: IGDLA**** > > Multi-domain forest: IGUDLA**** > > **** > > *I*dentities (users or computers) are members of**** > > *G*lobal groups that collect members based on those members roles**** > > **** > > Which are members of**** > > **** > > *D*omain *L*ocal groups that provide management of some kind, such as > mgmt. of resource access**** > > **** > > Which are**** > > **** > > Assigned *A*ccess to a resource (i.e., on an ACL)**** > > **** > > The “U” for multi-domain forests is Universal groups. From a nesting > perspective, global groups from any domain in the forest can be members of > universal groups, and universal groups can be members of any domain local > groups in the forest.**** > > **** > > Hope that helps.**** > > **** > > **** > > Carl Webster**** > > Consultant and Citrix Technology Professional (and MCT)**** > > http://dabcc.com/Webster**** > > **** > > **** > > **** > > *From:* helpdesk UK [mailto:[email protected]] **** > > *Subject:* Re: Single Forest multiple Child domains**** > > **** > > so I read up once on this going back in NT days..**** > > **** > > AGLP**** > > **** > > Create a user**** > > Add the user to a Global Group**** > > Add the global group to Local Group**** > > Assign permissions**** > > **** > > Now in win2k8 days we add the mix of UG...**** > > **** > > so add local group in child1.xyz.com to UG child1.xyz.com and than add the > UG child1.xyz.com to a local group in child2.xyz.com and than assign > permissions !!!**** > > **** > > correct ?**** > > **** > > cheers**** > > Joss**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~**** > > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
