Microsoft KB Archive/884417

= Using domain local groups, global groups, and universal groups in a BizTalk Server 2004 server group =

Article ID: 884417

Article Last Modified on 11/14/2007

-

APPLIES TO


 * Microsoft BizTalk Server 2004 Enterprise Edition
 * Microsoft BizTalk Server 2004 Developer Edition
 * Microsoft BizTalk Server 2004 Partner Edition
 * Microsoft BizTalk Server 2004 Standard Edition

-





INTRODUCTION
This article compares using domain local groups and domain global groups in the Active Directory directory service for a Microsoft BizTalk Server 2004 server group.



MORE INFORMATION
A domain local group is a security or distribution group that can contain universal groups, global groups, other domain local groups from its own domain, and accounts from any domain in the forest. You can give domain local security groups rights and permissions on resources that reside only in the same domain where the domain local group is located.

A global group is a group that can be used in its own domain, in member servers and in workstations of the domain, and in trusting domains. In all those locations, you can give a global group rights and permissions and the global group can become a member of local groups. However, a global group can contain user accounts that are only from its own domain.

A universal group is a security or distribution group that contains users, groups, and computers from any domain in its forest as members. You can give universal security groups rights and permissions on resources in any domain in the forest. Universal groups are not supported.

If you plan to use one domain for all your servers and no Wide Area Network (WAN) exists, we recommend that you use domain local groups. For a local domain, the global catalog is not used.

Note The Electronic Data Interchange (EDI) adaptor is not designed to be configured for domain local groups. It must be configured for domain global groups.

If you plan to have a multiple-domain topology, and the following conditions are true, we recommend that you use domain global groups:
 * The SQL Server-based server is in a data center.
 * You have a perimeter network (also known as DMZ, demilitarized zone, and screened subnet).



MORE INFORMATION
For information about Windows Group and User Accounts in BizTalk Server, visit the following Microsoft Developer Network Web site:

http://msdn2.microsoft.com/en-us/library/ms942440.aspx

Additional query words: GC

Keywords: kbinfo kbtshoot kbbtsadapters KB884417

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.