Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

OU not working quite right

Posted on 2008-10-19
5
202 Views
Last Modified: 2012-05-05
I have created an OU in AD but it is not showing up (or resolving contents) when attempting to use it.

Let's say the OU name is "HostedUsers".  I create a couple of security groups within that OU.  I then create another OU as a child of "HostedUsers" - let's call it "BobsUsers".  Within BobsUsers I create a few security groups.  My goal is to make a security group within BobsUsers a member of a security group in HostedUsers.  I enter the name of the security group in the Members Of "add" screen and it doesn't resolve.  Doing an advanced find from that location shows no contents (none of BobsUsers' or HostedUsers groups appear).

As a test I just created the same thing on another AD domain and everything worked fine.

There are no related errors in the event log that point me in the right direction.

Does anyone have any suggestions?
0
Comment
Question by:NotClever
  • 3
  • 2
5 Comments
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 22754701
The OU location of a security group within a single domain has no bearing on group nesting.

What is the functional level of your domain/forest?

What is the scope of the groups that you are attempting to nest, as not all group scopes can be nested within all other group scopes, dependent on the DFL/FFL of your domain and forest.
0
 

Author Comment

by:NotClever
ID: 22754742
Thanks for the quick response!

The domain/forest is at Windows Server 2003 Native functional level.
The groups being created are Global scope.
0
 

Author Comment

by:NotClever
ID: 22754748
Argh!  Correction, the functional level is Windows 2000 mixed for the domain, and Windows 2000 for the forest.

I was thinking of another AD domain.
There is no reason it cannot be at Windows Server 2003 level, do you think I should upgrade it?
Thanks again! - Eric.
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 22754755
If all of your DCs are running Windows Server 2003, you can upgrade the DFL/FFL to 2003.  At 2000 mixed mode, you cannot nest one global group inside of another.
0
 

Author Closing Comment

by:NotClever
ID: 31507689
Thanks again for your super-fast response.  I've added your blog to my RSS feed.  Love the URL for it :)  If you're ever in the Tampa area at a user group, I'll be sure to swing by! - Eric.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question