Solved

OU not working quite right

Posted on 2008-10-19
Last Modified: 2012-05-05
I have created an OU in AD but it is not showing up (or resolving contents) when attempting to use it.

Let's say the OU name is "HostedUsers".  I create a couple of security groups within that OU.  I then create another OU as a child of "HostedUsers" - let's call it "BobsUsers".  Within BobsUsers I create a few security groups.  My goal is to make a security group within BobsUsers a member of a security group in HostedUsers.  I enter the name of the security group in the Members Of "add" screen and it doesn't resolve.  Doing an advanced find from that location shows no contents (none of BobsUsers' or HostedUsers' groups appear).

As a test I just created the same thing on another AD domain and everything worked fine.

There are no related errors in the event log that point me in the right direction.

Does anyone have any suggestions?
Question by:NotClever
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 22754701
The OU location of a security group within a single domain has no bearing on group nesting.

What is the functional level of your domain/forest?

What is the scope of the groups that you are attempting to nest? Not all group scopes can be nested within all other group scopes, depending on the DFL/FFL of your domain and forest.
 

Author Comment

by:NotClever
ID: 22754742
Thanks for the quick response!

The domain/forest is at Windows Server 2003 Native functional level.
The groups being created are Global scope.
 

Author Comment

by:NotClever
ID: 22754748
Argh!  Correction, the functional level is Windows 2000 mixed for the domain, and Windows 2000 for the forest.

I was thinking of another AD domain.
There is no reason it cannot be at Windows Server 2003 level. Do you think I should upgrade it?
Thanks again! - Eric.
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 22754755
If all of your DCs are running Windows Server 2003, you can upgrade the DFL/FFL to 2003.  At 2000 mixed mode, you cannot nest one global group inside of another.
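
The check described in this answer, as an added example that is not part of the original thread: it reads the domain mode and both groups' scopes and reports whether a scope rule blocks the nesting, showing each group's DN only to make clear that the OU plays no part. It assumes the ActiveDirectory PowerShell module (RSAT) is available; the group names are hypothetical, and the second rule (a global group accepts only global groups as group members) goes beyond the case in the thread.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-GroupNesting {
    param(
        [Parameter(Mandatory = $true)] [string] $MemberGroup,  # group to add as a member
        [Parameter(Mandatory = $true)] [string] $ParentGroup   # group that receives it
    )

    $domain = Get-ADDomain
    # ntMixedDomain on the domain object: 1 = mixed mode, 0 = native mode.
    $head  = Get-ADObject -Identity $domain.DistinguishedName -Properties ntMixedDomain
    $mixed = ($head.ntMixedDomain -eq 1)

    $member = Get-ADGroup -Identity $MemberGroup
    $parent = Get-ADGroup -Identity $ParentGroup

    $reason = $null
    if ($parent.GroupScope -eq 'Global') {
        if ($mixed) {
            # The case from the thread: no group nesting inside a global group.
            $reason = 'Domain is in mixed mode: a global group cannot contain another group.'
        }
        elseif ($member.GroupScope -ne 'Global') {
            $reason = "A global group cannot contain a $($member.GroupScope) group."
        }
    }

    New-Object PSObject -Property @{
        DomainMode     = $domain.DomainMode
        ForestMode     = (Get-ADForest).ForestMode
        MixedMode      = $mixed
        MemberDN       = $member.DistinguishedName  # OU path shown for reference only;
        ParentDN       = $parent.DistinguishedName  # it is not used in the decision
        MemberScope    = $member.GroupScope
        ParentScope    = $parent.GroupScope
        NestingBlocked = ($null -ne $reason)
        Reason         = $reason
    }
}

# Hypothetical group names, patterned on the OUs in the question.
$check = Test-GroupNesting -MemberGroup 'BobsUsers-Staff' -ParentGroup 'HostedUsers-All'
$check | Format-List
if (-not $check.NestingBlocked) {
    # -WhatIf previews the membership change without applying it.
    Add-ADGroupMember -Identity 'HostedUsers-All' -Members 'BobsUsers-Staff' -WhatIf
}
```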
 

Author Closing Comment

by:NotClever
ID: 31507689
Thanks again for your super-fast response.  I've added your blog to my RSS feed.  Love the URL for it :)  If you're ever in the Tampa area at a user group, I'll be sure to swing by! - Eric.