Re: Difference between a domain group and a local group

From: "Al Dunbar" <alandrub@xxxxxxxxxxx>
Date: Sat, 21 Mar 2009 14:10:43 -0600

<gimme_this_gimme_that@xxxxxxxxx> wrote in message
news:c010b1ed-1691-487b-b071-359b63d5168b@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Richard Mueller made this comment about his AddToGroup.vbs script:

---
A quick comment. Rather than maintaining a list of users,
you could create a domain group. Make the users members of
the domain group, then make the domain group a member of
the local group on each computer. The machine local group
is altered once, then thereafter the list is maintained by
altering the domain group membership.
---

What is the difference between a domain group and a local group.

A local group is a group defined on a computer that is not a domain
controller. A domain group is defined on all of the domain controllers in a
domain.

Of course, a domain group can be Universal, domain global, or domain local,
whereas a computer local group can only be local.

Could someone provide a longer version of this quick comment?

This is kind of out of context, but, assuming that the local group in
question is the local administrators group and that you had a group of
domain users who were all to be given administrator access to the computers
in question, you would create a domain global group in the same domain in
which the user accounts exist. You would then add the users to this group.

Then on each computer you would add the above mentioned domain group as a
member of the local administrators group.

I don't know if that is longer or shorter, however, managing groups this way
is a very common activity for administrators. But this has nothing to do
with scripting, per se, so perhaps you should spend some time in an active
directory newsgroup to pick up on this aspect of your problem.

/Al

.

Follow-Ups:
- Re: Difference between a domain group and a local group
  - From: gimme_this_gimme_that@xxxxxxxxx

References:
- Difference between a domain group and a local group
  - From: gimme_this_gimme_that@xxxxxxxxx

Prev by Date: Re: VBScript Debug
Next by Date: Re: Open a group as domain administrator
Previous by thread: Re: Difference between a domain group and a local group
Next by thread: Re: Difference between a domain group and a local group
Index(es):
- Date
- Thread

Relevant Pages

Re: Giving Accounts Local Computer Admin Privledge
... You can modify local group memberships in a startup script. ... then make the domain group a member of the local Administrators group. ... ' Check if domain group already a member. ...
(microsoft.public.windows.server.active_directory)
Re: Group Policy questions
... supresses errors. ... > will not work as a logon script as when run twice, ... >> Purpose = add ITTechnicians Domain Group to Administrators Local Group ... >> 'Get domain group and assigned to ITTechs Variable ...
(microsoft.public.windows.group_policy)
Re: Group Policy questions
... will not work as a logon script as when run twice, ... > Purpose = add ITTechnicians Domain Group to Administrators Local Group ... > 'Get domain group and assigned to ITTechs Variable ...
(microsoft.public.windows.group_policy)
Re: How to configure local PC group membership via Group Policy?
... key the name of the Domain group you ... want to added to the local group. ... Don't put anything in the "Members of this group" box. ... > First is Add Group (I'm assuming I need to create a security group ...
(microsoft.public.windows.group_policy)
Re: Adding Domain User to local PC
... ' Specify AdsPath of domain group to be added to ... ' Bind to domain group. ... ' Bind to local group. ...
(microsoft.public.windows.server.scripting)