RE: A-G-DL-P strategy

Sorry - acronym error!

I assumed DL = dist list. You mean DL = domain local group. Let me use "DLG".

DLGs can contain members from any domain but can only be used to permission
resources in the local domain.

GGs can contain members only from the local domain but can be used to
permission resources in any domain.

(Any domain means any trusting/ed domain)

Does that help?
neil






"kr244" wrote:

> Hi,
>
> thank you!
> But if I can't grant rights to DL groups how should the A-G-DL-P strategy
> work? I'm a little bit confused about that.
> As far as I understood, permissions should be linked to a DL-group and the
> accounts should be linked to G-group?!
>
> Michael
>
> "Neil Ruston" wrote:
>
> > DLs are not security groups and as such cannot be used to grant rights to
> > resources (they have a GUID but no SID).
> >
> > Either:
> > 1. Convert the DL to a security group
> > or
> > 2. Create a security group (such as a GG)
> >
> > then grant rights to that group created/converted above.
> >
> > neil
> >
> >
> >
> >
> > "kr244" wrote:
> >
> > > Hi,
> > > I've got a Active Directory domain that contains 2 child domains.
> > >
> > > I'd like to publish the A-G-DL-P strategy for network permissions.
> > > But if I create a DL-group on one of the domain controllers and then try to
> > > grant permission to this group on a member server network share, this
> > > DL-group doesn't appear in the list of available groups and users.
> > > If I create a G-group on a DC and try to grant this group on the share, it
> > > works perfect.
> > >
> > > Any idea why DL-groups didn't appear on the network share?
> > >
> > > Thank U!
.

Relevant Pages

  • Re: PM Security Issue
    ... gives me permission to open projects in Microsoft Project Professional. ... Categories control what you can do it to. ... in which I am a team member, and in which my resources are team members. ... When the My Projects category is included in the Project Managers group, ...
    (microsoft.public.project.pro_and_server)
  • RE: ADMT - SID History Issues, Cannot access resources in old doma
    ... permission to use this network resource. ... we need to re-ACL the resources. ... we are able to use Security Translation Wizard with a SID ... Create a SID mapping file. ...
    (microsoft.public.windows.server.migration)
  • Re: Group Scope - Which one?
    ... A good example would be something used to permission things inside of Exchange, ... Cary Shultz wrote:> Joe, ... I>>>typically name my Local Security Groups LSG_Hollywood and my Global>>>Security Groups GSG_Hollywood and my Universal Security Groups ... >>>>>make Halle and Yogi members of this global group. ...
    (microsoft.public.win2000.active_directory)
  • Re: merge two domains
    ... My external 'consultants' have recommended me to: ... -duplicate the permission with new groups on existing folder that already ... Migrate resources form domain A to be or from B to A (it depends on ... > You during the migration phase. ...
    (microsoft.public.windows.server.active_directory)
  • Re: MPlayer problem... works as root but not as users
    ... execution only for members of a specific group (and making sure that ... example (assuming you have a group "media" with only trusted userids as ... (note that only execute permission is required to run the binary; ... removing read permission, you ensure that the binary cannot be forced to ...
    (comp.os.linux.misc)
Loading