Universal Groups

Posted on 2007-08-07
Last Modified: 2010-04-18
I have 2 forests with a forest root domain in both, (A and B).  There is a one way forest trust between them so forest B trusts A.  I have several users in forest A in a global group.  Sould I put them in a Universal group and apply the universal group to a resource in domain B ?  

Whats best practice for this ?
Question by:tickleonthetum
    LVL 58

    Expert Comment

    That sounds like the way to do it, your trust between forest B and A will mean the universal level group will be accessible.

    LVL 51

    Accepted Solution

    In the Trusting domain, create a Domain Local group.
    Assign permissions to the resource to this new group.
    Add the Global Group from the Trusted domain into this Domain Local Group.

    Use UGs sparingly.

    LVL 31

    Expert Comment

    by:Toni Uranjek
    Universal groups are only to be used in single forest with multiple domains environment (my opinion more than three domains). Use global groups in multiple forest scenarios instead as already suggested.

    Author Comment

    thanks guys.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
    Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now