Re: can't see domain local groups

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Hi,

Good to know Dean about native vs mixed. Just curious though. Why, away
from the DC, would you have any reason to see/need to add a Domain Local
Group? As Domain Local groups cannot be members of workstation Local Groups
like Domain Groups can, when would be a case when you would use them on
anything but a DC?

I am wondering why MS added the functionality in Native Mode and what
situation you would need it.

Personally I only use the Domain Local "administrators" Group. Other than
that, I just use the "local Users" and "local administrators" group on all my
clients to set permissions.

Thanks

Lara


"Dean Wells [MVP]" wrote:

> Domain Local groups do indeed differ from local groups. The
> functionality of a Domain Local group also differs according to the
> domain mode (or functional level). In Mixed mode, Domain Local groups
> behave similarly to local groups and are visible only to DCs within a
> common domain while in Native mode, Domain Local groups are visible to
> both DCs and clients (visibily is defined as the group's ability to be
> used within, say an, ACL on a domain member).
>
> --
> Dean Wells [MVP / Directory Services]
> MSEtechnology
> [[ Please respond to the Newsgroup only regarding posts ]]
> R e m o v e t h e m a s k t o s e n d e m a i l
>
> Tadashi Inayama wrote:
> > when I try to add folder/file permission to groups, I can
> > only see the listing of global groups and users, but I cannot see
> > any of the domain local groups
> >
> > when I go to other non-DC file servers I get this problem, but
> > I can see both global and domain local groups on Domain Controllers.
> >
> > DNS and WINS setting look good, DC replications also look good
> >
> > any suggestions will help
> >
> > thanks,
> > Tadashi
>
>
>
.

Relevant Pages

  • Re: Pass-through Authentication Between Trusted Domains Not Working
    ... universal groups and add global groups from any trusted domain to the ... Domain local groups will only work on ... domain computers if the domain is in native mode. ...
    (microsoft.public.win2000.security)
  • RE: SQL login setup and windows 2000 domain local group
    ... the GUI when adding logins. ... Windows 2000 must be running in native mode, ... Even when running in native mode, the domain local groups are not ... After I added the domain local group, I was able to log into SQL Server ...
    (microsoft.public.sqlserver.security)
  • Re: Native mode... what now.
    ... If you want to nest groups of the same type (e.g., global groups into other ... global groups or domain local groups into other domain local groups), ... Are you saying that I must use native mode in order to nest groups? ...
    (microsoft.public.windows.server.active_directory)
  • Re: Domain local groups problem
    ... domain local groups are only available on member servers when in at least ...
    (microsoft.public.windows.server.active_directory)
  • RE: Domain local group missing
    ... One more quick question if I may. Mixed mode vs. native ... >Domain local groups only exist on domain controllers ... >in native mode. ...
    (microsoft.public.win2000.security)