Vista - Difference between a domain group and a local group

Richard Mueller made this comment about his AddToGroup.vbs script:

---
A quick comment. Rather than maintaining a list of users,
you could create a domain group. Make the users members of
the domain group, then make the domain group a member of
the local group on each computer. The machine local group
is altered once, then thereafter the list is maintained by
altering the domain group membership.
---

What is the difference between a domain group and a local group.

Could someone provide a longer version of this quick comment?

Thanks.

Nevermind.

The idea behind AddToGroup.vbs was to add users to a computer's local
group and creating a domain group to manage membership was the tip.

Got it.

<gimme_this_gimme_that@xxxxxx> wrote in message
news:c010b1ed-1691-487b-b071-359b63d5168b@xxxxxxA local group is a group defined on a computer that is not a domain
controller. A domain group is defined on all of the domain controllers in a
domain.

Of course, a domain group can be Universal, domain global, or domain local,
whereas a computer local group can only be local.
This is kind of out of context, but, assuming that the local group in
question is the local administrators group and that you had a group of
domain users who were all to be given administrator access to the computers
in question, you would create a domain global group in the same domain in
which the user accounts exist. You would then add the users to this group.

Then on each computer you would add the above mentioned domain group as a
member of the local administrators group.

I don't know if that is longer or shorter, however, managing groups this way
is a very common activity for administrators. But this has nothing to do
with scripting, per se, so perhaps you should spend some time in an active
directory newsgroup to pick up on this aspect of your problem.

/Al

Thanks Al.

I learned something from your post.