[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Populating an OU

Posted on 2006-07-16
8
Medium Priority
?
531 Views
Last Modified: 2008-05-30
Hi,

I am new to the whole OU set-up and need to get some clarification on how I can achieve my aim.

What I want to do is as follows:

I have users that will use a roaming profile, I have added them to a group called "Roaming" I have created an OU called Roaming. What I want to do is apply a Group Policy to the Roaming OU which in turn will contain the Roaming group. I can create a new Group Policy Object Editor on the domain which I will want to use to set the control on the Roaming OU. How do I get the Group Policy Object Editor to be applied to the Roaming OU? - Is this the correct way to go about this to achieve my aim?

Thanks,

jonathanr
0
Comment
Question by:jonathanr
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 9

Accepted Solution

by:
NYtechGuy earned 180 total points
ID: 17119012
jonathan-

You pretty much have the right idea.  However, I've haven't done it the way you are proposing.

What I have always done is this:

- Create OU (Example:  Roaming Users)
- Create Group Policy Object (GPO)
- Link GPO to OU I created in step 1
- Add/move users *into* OU called "Roaming Users".

I am not sure if your way of applying the GPO to an OU containing a group which contains the users will work.  I have only populated OUs for GPO purposes with Users or Computers.  I have only used security groups for other purposes (file/folder permissions, etc)

THanks,

Justin
0
 

Author Comment

by:jonathanr
ID: 17119054
Thanks Justin,

Can you detail how I would "- Link GPO to OU I created in step 1"

thanks,

jonathanr
0
 
LVL 15

Assisted Solution

by:Juan Ocasio
Juan Ocasio earned 180 total points
ID: 17119402
When you create the OU, Right-Click on the OU and select properties.  Then select the Group Policy Tab and create your GPO there.  You can then drag and drop (new in Win 2003) the objects - users- you want to apply the GPO to.

HTH

jocasio
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 15

Expert Comment

by:Juan Ocasio
ID: 17119416
Oh  I am assming you have Win 2003.  If you have 2000, you would select the object you want to move and select 'Move...'

jocasio
0
 

Author Comment

by:jonathanr
ID: 17119937
Hi jocasio123,

OK, it is 2003. I have done what you said but I cannot get any of the modifications that I am testing with to show up on the test user when they log in. I have got "No Override" set on the policy in the OU and I have played with the "Block inheritance" option too - do you have an idea where I am going wrong?

Thanks,

jonathanr
0
 
LVL 1

Assisted Solution

by:rickardc
rickardc earned 140 total points
ID: 17121737
Group policys are applied to user and computer objects, NOT groups.  To make it work, you will have to move the user account (and the computer account if you want to make computer settings) to the OU where your group policy is linked.

Are you creating your group policy through active directory user and computers?

A much better (and free) tool is the group policy management console (GPMC) from microsoft.  You can downlaod it from here.  http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&DisplayLang=en

In the GPMC, there's a section down the bottom called group policy results, and it'll show you all the settings that will be applied to a user / computer object.
0
 
LVL 15

Expert Comment

by:Juan Ocasio
ID: 17125806
jonathanr:

rickardc is correct.  I had to reread your initial post when I read his post.  Add the users to the OU.  Once you do this, you should be good to go.  You also have to wait until the GPO propagates

HTH

jocasio
0
 
LVL 9

Expert Comment

by:NYtechGuy
ID: 17125849


helpful command line (on XP clients):

gpupdate /force

this will force rereading of GPO and apply them to the machine - without a reboot

thanks,

justin
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Let's recap what we learned from yesterday's Skyport Systems webinar.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question