Solved

Redirecting the users and computers containers in Server 2003

Posted on 2008-06-18
Last Modified: 2008-07-01
This is more of a "what are others doing" as opposed to a question. We operate in a fairly large enterprise environment spread over geographical areas. Each office has different needs, thus different security groups/OUs/GPOs and what have you. As we all know, when a user or computer account is created, it will by default land in the users/computers containers. Well, again as we all know, you are unable to link GPOs to containers. I know you can "redirect" the default locations with the following Microsoft KB: http://support.microsoft.com/kb/324949. If we were to do this, then all user and computer accounts would go to the new OUs respectively.

So let's say we just did the redirect and linked GPOs to those new locations. A member of the server team joins a computer to the domain; it would automatically go to that new "Default" OU we created for computers and would inherit the GPOs linked to the OU. Well, the problem is we linked "Workstation" GPOs to that new OU, and now our servers get the Workstation GPOs. Now, we could link all GPOs to the new "Default" OU and do WMI filtering to separate the Workstations from the Servers, but this is now getting pretty complicated and I want to keep it KISS.

I guess ideally, is there a way for AD to understand the following: if you're a member of Group X, when you join a computer to the domain it goes to OU A; if you're a member of Group Y, then when that person joins the computer to a domain it goes to OU B. I hope I'm explaining this clearly, as it's pretty complicated. I know we can prestage these accounts, but I'm trying to make it as simple as possible and as automated as possible. Any ideas and recommendations of what others are doing would be much appreciated.

Thanks!
Question by:esbfern
1 Comment
 
LVL 3

Accepted Solution

by:
Monaji earned 500 total points
ID: 21812563
The way I have it configured for a client is, I don't apply any policies to the Redirect workstation and User OU. If a user gets created or a workstation is added, they have to manually move it to the correct OU and Group.
You can also filter the policy to only apply to a group that contains only Workstations.
You can create a script to move objects to the correct OU after they get added to AD. But somebody has to run the script. When a user adds a Workstation to the domain, he will run a workstation script that will move the workstation to the correct OU, and the same thing for a server.
There is no way you will be able to do it the way you want with Group X and Y.
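
One way to automate the move script described in the accepted answer, as an added example that is not part of the original post. It goes beyond the answer by classifying each computer on its `operatingSystem` attribute instead of relying on whoever joined the machine to run the right script. It assumes the ActiveDirectory PowerShell module is available, and every OU name below is a hypothetical placeholder.

```powershell
# Added example: sweep the redirected "staging" OU and file each computer
# account under the OU that matches its operating system.
# All distinguished names below are hypothetical placeholders.
#Requires -Modules ActiveDirectory

$StagingOU     = 'OU=Staging Computers,DC=example,DC=com'  # redirect target; no workstation/server GPOs linked
$WorkstationOU = 'OU=Workstations,DC=example,DC=com'
$ServerOU      = 'OU=Servers,DC=example,DC=com'

function Get-TargetOU {
    # Pure classification step: map the operatingSystem attribute to an OU.
    param([string]$OperatingSystem)
    if ([string]::IsNullOrWhiteSpace($OperatingSystem)) { return $null }  # attribute not populated yet
    if ($OperatingSystem -match 'Server')   { return $ServerOU }
    if ($OperatingSystem -match '^Windows') { return $WorkstationOU }
    return $null  # unknown platform: leave it in staging for a human to review
}

function Move-StagedComputer {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # OneLevel: only objects sitting directly in the staging OU
    Get-ADComputer -Filter * -SearchBase $StagingOU -SearchScope OneLevel -Properties OperatingSystem |
        ForEach-Object {
            $target = Get-TargetOU -OperatingSystem $_.OperatingSystem
            if (-not $target) {
                Write-Warning "Left in staging (unclassified): $($_.Name) [$($_.OperatingSystem)]"
                return  # acts as 'continue' inside ForEach-Object
            }
            if ($PSCmdlet.ShouldProcess($_.DistinguishedName, "Move to $target")) {
                Move-ADObject -Identity $_.DistinguishedName -TargetPath $target
                Write-Output "Moved $($_.Name) -> $target"
            }
        }
}

# Dry run first; drop -WhatIf once the proposed moves look right.
Move-StagedComputer -WhatIf
```

Run from a scheduled task under an account delegated only to move computer objects between these OUs, this keeps the staging OU free of workstation or server policy, so a misfiled machine receives no GPOs rather than the wrong ones.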