<gimme_this_gimme_that@xxxxxx> wrote in message
news:c010b1ed-1691-487b-b071-359b63d5168b@xxxxxx
> Richard Mueller made this comment about his AddToGroup.vbs script:
>
> ---
> A quick comment. Rather than maintaining a list of users,
> you could create a domain group. Make the users members of
> the domain group, then make the domain group a member of
> the local group on each computer. The machine local group
> is altered once, then thereafter the list is maintained by
> altering the domain group membership.
> ---
>
> What is the difference between a domain group and a local group. A local group is a group defined on a computer that is not a domain
controller. A domain group is defined on all of the domain controllers in a
domain.
Of course, a domain group can be Universal, domain global, or domain local,
whereas a computer local group can only be local.
> Could someone provide a longer version of this quick comment? This is kind of out of context, but, assuming that the local group in
question is the local administrators group and that you had a group of
domain users who were all to be given administrator access to the computers
in question, you would create a domain global group in the same domain in
which the user accounts exist. You would then add the users to this group.
Then on each computer you would add the above mentioned domain group as a
member of the local administrators group.
I don't know if that is longer or shorter, however, managing groups this way
is a very common activity for administrators. But this has nothing to do
with scripting, per se, so perhaps you should spend some time in an active
directory newsgroup to pick up on this aspect of your problem.
/Al