• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 257
  • Last Modified:

Local and Global Groups

I'm trying to understand the concepts behind Local and Global groups. If I have a single domain then is a Global group all I would have to set up if I want users to access a resource, or should the procedure be to create a local group also and put the Global in the Local?

I appreciate that if I had a multi domain environment, then creating a Local group and putting various Global groups from the different domains in the Local and applying permissions makes sense. But it's understanding what to create and why.

1 Solution
The purpose of Global Groups is to groups users and groups from "different" domains and make them a member of a local group. Please note that the need for a Global Group it totally conceptual, otherwise you might individually give rights to the users however this reduces the managebility in large environments.

So idea is to have a Managers Global Group and make this one member of required local groups on whereever needed. When a new manager arrives, simply make him a member of the Global Group and do not bother about anything else.

In single domain environment, there are no benefit of using Global Groups other than following the best practice and keeping the environment scaleable incase a new domain might be added at a later time.

So it is not a must but my advice it to use them.

Hope this helps,
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now