Solved

Populating an OU

Posted on 2006-07-16
8
509 Views
Last Modified: 2008-05-30
Hi,

I am new to the whole OU set-up and need to get some clarification on how I can achieve my aim.

What I want to do is as follows:

I have users that will use a roaming profile, I have added them to a group called "Roaming" I have created an OU called Roaming. What I want to do is apply a Group Policy to the Roaming OU which in turn will contain the Roaming group. I can create a new Group Policy Object Editor on the domain which I will want to use to set the control on the Roaming OU. How do I get the Group Policy Object Editor to be applied to the Roaming OU? - Is this the correct way to go about this to achieve my aim?

Thanks,

jonathanr
0
Comment
Question by:jonathanr
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 9

Accepted Solution

by:
NYtechGuy earned 45 total points
ID: 17119012
jonathan-

You pretty much have the right idea.  However, I've haven't done it the way you are proposing.

What I have always done is this:

- Create OU (Example:  Roaming Users)
- Create Group Policy Object (GPO)
- Link GPO to OU I created in step 1
- Add/move users *into* OU called "Roaming Users".

I am not sure if your way of applying the GPO to an OU containing a group which contains the users will work.  I have only populated OUs for GPO purposes with Users or Computers.  I have only used security groups for other purposes (file/folder permissions, etc)

THanks,

Justin
0
 

Author Comment

by:jonathanr
ID: 17119054
Thanks Justin,

Can you detail how I would "- Link GPO to OU I created in step 1"

thanks,

jonathanr
0
 
LVL 14

Assisted Solution

by:Juan Ocasio
Juan Ocasio earned 45 total points
ID: 17119402
When you create the OU, Right-Click on the OU and select properties.  Then select the Group Policy Tab and create your GPO there.  You can then drag and drop (new in Win 2003) the objects - users- you want to apply the GPO to.

HTH

jocasio
0
 
LVL 14

Expert Comment

by:Juan Ocasio
ID: 17119416
Oh  I am assming you have Win 2003.  If you have 2000, you would select the object you want to move and select 'Move...'

jocasio
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:jonathanr
ID: 17119937
Hi jocasio123,

OK, it is 2003. I have done what you said but I cannot get any of the modifications that I am testing with to show up on the test user when they log in. I have got "No Override" set on the policy in the OU and I have played with the "Block inheritance" option too - do you have an idea where I am going wrong?

Thanks,

jonathanr
0
 
LVL 1

Assisted Solution

by:rickardc
rickardc earned 35 total points
ID: 17121737
Group policys are applied to user and computer objects, NOT groups.  To make it work, you will have to move the user account (and the computer account if you want to make computer settings) to the OU where your group policy is linked.

Are you creating your group policy through active directory user and computers?

A much better (and free) tool is the group policy management console (GPMC) from microsoft.  You can downlaod it from here.  http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&DisplayLang=en

In the GPMC, there's a section down the bottom called group policy results, and it'll show you all the settings that will be applied to a user / computer object.
0
 
LVL 14

Expert Comment

by:Juan Ocasio
ID: 17125806
jonathanr:

rickardc is correct.  I had to reread your initial post when I read his post.  Add the users to the OU.  Once you do this, you should be good to go.  You also have to wait until the GPO propagates

HTH

jocasio
0
 
LVL 9

Expert Comment

by:NYtechGuy
ID: 17125849


helpful command line (on XP clients):

gpupdate /force

this will force rereading of GPO and apply them to the machine - without a reboot

thanks,

justin
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Windows 7 does not have the best desktop search built in. This is something Windows 7 users have struggled with. You type something in, and your search results don’t always match what you are looking for, or it doesn’t actually work at all. There ar…
I use more than 1 computer in my office for various reasons. Multiple keyboards and mice take up more than just extra space, they make working a little more complicated. Using one mouse and keyboard for all of my computers makes life easier. This co…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now