Active Directory + OU's.
Posted on 2006-06-19
Ok guys, this may be a simplistic one but its bugging me.
Basically, I have a domain policy and I am aware that any changes that apply to this domain policy will apply to all usernames.
So a password policy would reside here.
However, I need to apply policy rules to ALL users but NOT server logins.
Applying any settings at the domain level will affect server logins too.
So, I thought of this and just wondering if it would work.
Firstly, each department has an OU. (Marketing, Finance, Developers, etc.. etc...)
Could I put all the company users in an OU called, <COMPANY NAME USERS> for example... and keep the servers out of this OU.
If for example I want to apply a setting to ALL users but NOT servers, all I have to do is apply the setting to the <COMPANY NAME USERS> OU.
Its just I have so many OU's, Each OU has its personal settings and some personal settings need to go accross the board.
The server logins need to be supressed from any USER change. I dont want to affect these logins at all.
A fine example would be:
Finance needs to access the CD-ROM. (This would be in the Finanace OU)
Support doesnt need to access the CD-ROM. (This would recide in the Support OU)
However both groups need to have personalised menus. (This would be the newly created COMPANY NAME USERS> OU which contains them both.