Skip navigation

JSI Tip 5214. Windows 2000 Server Help is incorrect when it says that security groups with universal scope cannot be created in a native-mode domain

To view the incorrect statement:

1. Press Start and Help.

2. Select the Index tab.

3. Type Active Directory groups.

4. Double-click scopes, overview.

The second row of the Universal scope column contain:

In native-mode domains, security groups with universal scope cannot be created.

The following table is the current TechNet offering:

Universal scope

Global scope

Domain local scope

When the domain functional level is set to Windows 2000 native or Windows Server 2003, members of universal groups can include accounts, global groups, and universal groups from any domain.

When the domain functional level is set to Windows 2000 native or Windows Server 2003, members of global groups can include accounts and global groups from the same domain.

When the domain functional level is set to Windows 2000 native or Windows Server 2003, members of domain local scope can include accounts, global groups, and universal groups from any domain, as well as domain local groups from the same domain.

When the domain functional level is set to Windows 2000 mixed, security groups with universal scope cannot be created.

When the domain functional level is set to Windows 2000 mixed, members of global groups can include accounts from the same domain.

When the domain functional level is set to Windows 2000 mixed, members of domain local groups can include accounts and global groups from any domain.

When the domain functional level is set to Windows 2000 native or Windows Server 2003, groups can be added to other groups and assigned permissions in any domain.

Groups can be added to other groups and assigned permissions in any domain.

Groups can be added to other domain local groups and assigned permissions only in the same domain.

Groups can be converted to domain local scope. Groups can be converted to global scope, as long as no other universal groups exist as members.

Groups can be converted to universal scope, as long as the group is not a member of any other group with global scope.

Groups can be converted to universal scope, as long as the group does not have as its member another group with domain local scope.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish