Yeh it's not local group as in local machine domain groups, it's local as in AD groups..
There are 3 types. Local, Global and Universal.. The most basic type of group suitable for networking is the global group, used to control access to resources that exist anywhere on the network. The primary limitation to global groups is that they can only contain members from a single domain. You'd use a global group for users within a single domain that need access to a common group of files or directories. Domain local groups are essentially the opposite of global groups. Where a global group is limited to having members from a single domain, a domain local group can have members from every domain in your network. However, unlike global groups, domain local groups can only be applied to resources within a single domain, hence the name domain local group. Universal groups, as the name implies, can contain members from any domain on the network and can control access to resources existing in any of the network's domains. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn ol/ad/windows2000/maintain/adusers.asp Shaolin - IT Systems WB Ltd. .: http://www.security-forums.com :. ----- Original Message ----- From: "Simo Sorce" <[EMAIL PROTECTED]> To: "Jean Francois Micouleau" <[EMAIL PROTECTED]> Cc: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]>; "Gareth Davies" <[EMAIL PROTECTED]>; "James Braid" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, October 25, 2002 7:26 PM Subject: Re: Winbind doesnt enumerate more than one group from an AD domain
