Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Using domain local groups, global groups, and universal groups in a BizTalk Server 2004 server group


View products that this article applies to.

Introduction

This article compares using domain local groups and domain global groups in the Active Directory directory service for a Microsoft BizTalk Server 2004 server group.

↑ Back to the top


More information

A domain local group is a security or distribution group that can contain universal groups, global groups, other domain local groups from its own domain, and accounts from any domain in the forest. You can give domain local security groups rights and permissions on resources that reside only in the same domain where the domain local group is located.

A global group is a group that can be used in its own domain, in member servers and in workstations of the domain, and in trusting domains. In all those locations, you can give a global group rights and permissions and the global group can become a member of local groups. However, a global group can contain user accounts that are only from its own domain.

A universal group is a security or distribution group that contains users, groups, and computers from any domain in its forest as members. You can give universal security groups rights and permissions on resources in any domain in the forest. Universal groups are not supported.

If you plan to use one domain for all your servers and no Wide Area Network (WAN) exists, we recommend that you use domain local groups. For a local domain, the global catalog is not used.

Note The Electronic Data Interchange (EDI) adaptor is not designed to be configured for domain local groups. It must be configured for domain global groups.

If you plan to have a multiple-domain topology, and the following conditions are true, we recommend that you use domain global groups:
  • The SQL Server-based server is in a data center.
  • You have a perimeter network (also known as DMZ, demilitarized zone, and screened subnet).

↑ Back to the top


More information

For information about Windows Group and User Accounts in BizTalk Server, visit the following Microsoft Developer Network Web site:

↑ Back to the top


Keywords: KB884417, kbinfo, kbbtsadapters, kbtshoot

↑ Back to the top

Article Info
Article ID : 884417
Revision : 5
Created on : 11/14/2007
Published on : 11/14/2007
Exists online : False
Views : 464