Solved

OU not working quite right

Posted on 2008-10-19
5
205 Views
Last Modified: 2012-05-05
I have created an OU in AD but it is not showing up (or resolving contents) when attempting to use it.

Let's say the OU name is "HostedUsers".  I create a couple of security groups within that OU.  I then create another OU as a child of "HostedUsers" - let's call it "BobsUsers".  Within BobsUsers I create a few security groups.  My goal is to make a security group within BobsUsers a member of a security group in HostedUsers.  I enter the name of the security group in the Members Of "add" screen and it doesn't resolve.  Doing an advanced find from that location shows no contents (none of BobsUsers' or HostedUsers groups appear).

As a test I just created the same thing on another AD domain and everything worked fine.

There are no related errors in the event log that point me in the right direction.

Does anyone have any suggestions?
0
Comment
Question by:NotClever
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 22754701
The OU location of a security group within a single domain has no bearing on group nesting.

What is the functional level of your domain/forest?

What is the scope of the groups that you are attempting to nest, as not all group scopes can be nested within all other group scopes, dependent on the DFL/FFL of your domain and forest.
0
 

Author Comment

by:NotClever
ID: 22754742
Thanks for the quick response!

The domain/forest is at Windows Server 2003 Native functional level.
The groups being created are Global scope.
0
 

Author Comment

by:NotClever
ID: 22754748
Argh!  Correction, the functional level is Windows 2000 mixed for the domain, and Windows 2000 for the forest.

I was thinking of another AD domain.
There is no reason it cannot be at Windows Server 2003 level, do you think I should upgrade it?
Thanks again! - Eric.
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 22754755
If all of your DCs are running Windows Server 2003, you can upgrade the DFL/FFL to 2003.  At 2000 mixed mode, you cannot nest one global group inside of another.
0
 

Author Closing Comment

by:NotClever
ID: 31507689
Thanks again for your super-fast response.  I've added your blog to my RSS feed.  Love the URL for it :)  If you're ever in the Tampa area at a user group, I'll be sure to swing by! - Eric.
0

Featured Post

Enroll in June's Course of the Month

June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question