[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

ACtive directory and OUs

Posted on 2014-10-16
6
Medium Priority
?
79 Views
Last Modified: 2014-10-21
I have an Organizational Unit called “users” and  a user, “Kevin” is a member of that OU. If I  apply a group policy, “force password change” (name of it for example)  to that OU than that group policy gets applied to my user every time he logs into his workstation.  Which is great… that’s what I want.

But if I make another OU and call it “outlook” and in it I make a security group and lets say I call them “outlookrestrictions” and I make Kevin a member of that group, how come this OU does not get applied? (see attached)
Capture.JPG
0
Comment
Question by:MrMay
6 Comments
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40384442
I don´t remember GPO affects group members, only users.

Could do an RSOP of kevin and confirm?
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 40384448
Group policies don't apply to groups only to users and computers.  You can use groups to limit who the GPO is applied to within the OU (called security filtering)   http://technet.microsoft.com/en-us/library/cc728301(v=ws.10).aspx

Thanks

Mike
0
 
LVL 61

Expert Comment

by:Cliff Galiher
ID: 40384449
Security groups are a different type of object. Group policies *only* apply to two types of objects. Users and computers. You can *filter* which users and computers process group policies by using the security filtering mechanism. But the engine that processes group policies will not enumerate security groups in an OU. There are a lot of reasons for this, namely around the complications it'd add to precedence predictability and performance reasons, but since security group filters allow the same basic effect without those issues, I wouldn't expect this behavior to change any time soon.
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 

Author Comment

by:MrMay
ID: 40384459
i have tried RSOP.. and that specific group policy is not being applied.  so there is no way of making the group policy apply to that group that Kevin is a member of?
0
 
LVL 3

Expert Comment

by:Glingo
ID: 40384480
Hi MrMay,

I don't know about the entire OU but you can do it for the security group:

Go to your group policy in gpmc, select the last tab (I guess it's delegation in English), add your outlookrestrictions security group in there, then select it and click on the advanced button to the bottom right. In there select the security group then check the deny box for the "apply group strategy" setting. If you do that your GPO won't apply to this security group.
0
 
LVL 61

Expert Comment

by:Cliff Galiher
ID: 40384483
Not by only having the group in an OU and applying it to that OU, no. You can apply it to any upstream OU that Kevin is nested in and then add a security filter using that group so *only* members of that group will actually process the OU. That process works just fine.
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question