?
Solved

OU not working quite right

Posted on 2008-10-19
5
Medium Priority
?
206 Views
Last Modified: 2012-05-05
I have created an OU in AD but it is not showing up (or resolving contents) when attempting to use it.

Let's say the OU name is "HostedUsers".  I create a couple of security groups within that OU.  I then create another OU as a child of "HostedUsers" - let's call it "BobsUsers".  Within BobsUsers I create a few security groups.  My goal is to make a security group within BobsUsers a member of a security group in HostedUsers.  I enter the name of the security group in the Members Of "add" screen and it doesn't resolve.  Doing an advanced find from that location shows no contents (none of BobsUsers' or HostedUsers groups appear).

As a test I just created the same thing on another AD domain and everything worked fine.

There are no related errors in the event log that point me in the right direction.

Does anyone have any suggestions?
0
Comment
Question by:NotClever
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 22754701
The OU location of a security group within a single domain has no bearing on group nesting.

What is the functional level of your domain/forest?

What is the scope of the groups that you are attempting to nest, as not all group scopes can be nested within all other group scopes, dependent on the DFL/FFL of your domain and forest.
0
 

Author Comment

by:NotClever
ID: 22754742
Thanks for the quick response!

The domain/forest is at Windows Server 2003 Native functional level.
The groups being created are Global scope.
0
 

Author Comment

by:NotClever
ID: 22754748
Argh!  Correction, the functional level is Windows 2000 mixed for the domain, and Windows 2000 for the forest.

I was thinking of another AD domain.
There is no reason it cannot be at Windows Server 2003 level, do you think I should upgrade it?
Thanks again! - Eric.
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 2000 total points
ID: 22754755
If all of your DCs are running Windows Server 2003, you can upgrade the DFL/FFL to 2003.  At 2000 mixed mode, you cannot nest one global group inside of another.
0
 

Author Closing Comment

by:NotClever
ID: 31507689
Thanks again for your super-fast response.  I've added your blog to my RSS feed.  Love the URL for it :)  If you're ever in the Tampa area at a user group, I'll be sure to swing by! - Eric.
0

Featured Post

Want to be a Web Developer? Get Certified Today!

Enroll in the Certified Web Development Professional course package to learn HTML, Javascript, and PHP. Build a solid foundation to work toward your dream job!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question