Use local AD groups

<< Display table of contents >>

Navigation:  Start > Install & Config > Change configuration > File server (FS) change configuration > Manage global settings for FS changes > Basic settings > Set AD group types for the Group Wizard >

Use local AD groups

A -> DL -> P

A - account (user-account)

DL - domain local group (local AD group)

P - permission

 

8.0 EN using local AD groups 01

 

1.8MAN creates AD groups with the type local.

2.8MAN adds the required users to this group.

3.8MAN assigns permissions to file server resources for this group.

 

 

Advantages

 

Disadvantages

Users and groups from other domains or forests can be a member of a local AD group and thereby be assigned permissions.

 

Membership in a local group requires 40 bytes of storage in the Kerberos token. This can cause Kerberos token size to be exceeded, especially in large environments, where users have a large number of group memberships.

Local AD-groups are only visible and applicable in their assigned domain.