TIA_IT
asked on
Change Default Domain Users to OU level users
I have a domain that spans many sites. I have set up AD to geographically indicate where each site is based on the continent they are located. Every site has an admin there and the OU for that site has delegated control to him/her to administer their respective site. Each site OU has four containers, Groups, Users, Computers, and Servers. I would like to change something.... When a site admin creates a new user, I would like it to default to the Users folder in that site's OU instead of Domain Users or Users. I hope this makes sense and how do I accomplish that?
TIA!!
TIA!!
Keep in mind that redirusr will only allow you to redirect to a single OU; it does not have the necessary logic to say "Houston users should go in the Houston OU, Charlotte Users should go in the Charlotte OU", etc. For that level of granularity you'll need some sort of provisioning system, either home-grown or purchased from a third-party vendor.
Redirusr will allow you to say "All new users created will go to the NewUsersOU rather than the Users Containter", nothing more.
Hope this helps.
Laura E. Hunter - Microsoft MVP: Windows Server - Networking
Redirusr will allow you to say "All new users created will go to the NewUsersOU rather than the Users Containter", nothing more.
Hope this helps.
Laura E. Hunter - Microsoft MVP: Windows Server - Networking
ASKER
Laura, actually that's what I'm looking for. My Boston admin has a BST OU and a Users folder. When he creates a new user, that user gets bst+first initial+lastname and I would like that user account to be located in the Users folder in BST with memberships of BST-GG-ALL_USERS. Same would go for any other of the 135 sites that we have. The site admin creates the user, and the new account gets created in the respective OU for that site under Users, along with defaulted membership to the global group for ALL_USERS for that site.
So what I'm asking for is a third party deal?
So what I'm asking for is a third party deal?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup Zone:
ACCEPT: LauraEHunterMVP {18845805}
Any objections should be posted here in the next 4 days. After that time, the question will be closed.
Chris-Dent
Experts Exchange Cleanup Volunteer
Redirecting CN=Users to an administrator-specified organizational unit
1. Log on with domain administrator credentials in the z domain where the CN=Users container is being redirected.
2. Transition the domain to the Windows Server 2003 domain functional level in either the Active Directory Users and Computers snap-in (Dsa.msc) or the Domains and Trusts (Domains.msc) snap-in. For additional information about increasing the domain functional level, click the following article number to view the article in the Microsoft Knowledge Base:
322692 (http://support.microsoft.com/kb/322692/) How to raise domain and forest functional levels in Windows Server 2003
3. Create the organizational unit container where you want users that are created with earlier-version APIs to reside (if the desired OU container does not already exist).
4. Run Redirusr.exe from the command prompt by using the following syntax, where container-dn is the distinguished name of the organizational unit that will become the default location for newly-created user objects created by down-level APIs:
c:\windows\system32\rediru
Redirusr is installed in the %SystemRoot%\System32 folder on new and upgraded Windows Server 2003-based computers. For example, to change the default location for users created with down-level APIs such as Net User to the OU=Users OU container in the CORP.COM domain, use the following syntax:
c:\windows\system32>rediru