Running AD 2008, one domain.
We have a finance application and we need to assign permissions to an object. For the people we want to assign these permissions to, there is already a Domain Local group set up, DLGroup1, which we can use.
The vendor is saying to a Global group though, which means we either need to create a seperate Global group containing these exact users, or modify DLGroup1 to become a Global group.
Some questions -
1. What is the impact of changing DLGroup1 from a Domain Local to a Global group?
2. From what I understand, Global groups should be placed in Domain Local groups, and the permissions actually given to the Domain Local groups, is there anyway why the vendor should say the permissions should be set to the Global group?
3. Re. the point above, what's the reason for having Global groups in a Domain Local group and setting the permissions for the Domain Local group?