Group Scope and Nesting

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Re study for 70-290, I have a quick question re nesting of Active Directory groups of different scope which I wonder if anyone can help with. Its maybe a bit of an obscure question, but it would help me understand the different types of group scope (I'm finding the Microsoft self-paced training guide a bit confusing on this topic).

Basically what I am wondering is what happens if a global group is nested inside a domain local group. The domain local group allows access only to resources in its local domain, but a global group allows access to resources from any domain in the forest. So is the global group restricted by this membership of the domain local group, ie to the domain local group's local domain only, so that the global group members can no longer access resources from other domains ?

Cheers for any info.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

You use domain local groups for the local resources.. shares printers etc in the doman.

you add to that groups that contain users.. so that those groups can access the local resources.

for example, you add to the domain local group, a global group that contains the users that are allowed access to the local domain resources.

 

to answer your question mate.... being part of a domain local group doesnt restrict any global group permissions.

unless of course their is deny permissions lol.

 

OK, I have got confused with regards to what I have read re domain local groups, namely that "members can access resources only in local domain" (page 8-5 MS Self-Paced book for 70-294).

That's of course unless these members happen to be nested inside a global group - but nobody said that!

This is an example of the VIVO principle in computing, ie. vagueness in vagueness out - a vague description leads to a vague understanding!

Cheers anyway for the replies.
Ross.