?
Solved

Setting up Item Level Targeting in GPO using AD attribute

Posted on 2014-10-16
3
Medium Priority
?
1,449 Views
Last Modified: 2014-10-16
I am new to Group Policy Management. I was tasked with creating Item Level Targeting for Internet Explorer 10.  I am having trouble getting it to work. First thing you should know is that I cant even get the IE10 template to work on Windows 7. I have to do this all on a Windows 8 machine. The policy is supposed to push to all Windows 7 machines though.

Our Active Directory contains an OU called User_Accounts. Within this OU are multiple OUs relating to different businesses that we own. In each of these OUs contain the user accounts. Users are in different departments so the department attribute is populated with, lets say, Information Technology, Accounting, Human Resources, etc.

OU=User_Accounts,DC=mydomain,DC=com

The Item Level Targeting that I would like to do is as follows.

Query all users within User_Accounts. Look at their department attribute. If their department says:
Information Technology --> Make their home page google.com
Accounting --> Make their home page yahoo.com
Human Resources --> Make their home page MSN.com

So, I looked through a few sites and came up with some options that did not work. Here is what I tried.

Filter: (&(objectclass=user)(objectcategory=person))
Binding: LDAP:
Attribute: department
Environmental Var: Information Technology

Filter: (&(objectclass=user)(objectcategory=person))
Binding: LDAP://OU=User_Accounts,DC=mydomain,DC=com
Attribute: department
Environmental Var: Information Technology

Filter: (&(objectClass=user)(sAMAccountName=%USERNAME%))
Binding: LDAP://OU=User_Accounts,DC=mydomain,DC=com
Attribute: department
Environmental Var: Information Technology

Filter: ://OU=User_Accounts,DC=mydomain,DC=com
Binding: LDAP:
Attribute: department
Environmental Var: Information Technology


I will continue to look for a way to get it to work but if someone understands what I would like to do, and sees what I am doing wrong, please let me know. I do not want to create Security Groups for this. I would specifically prefer Item Level Targeting unless it is not possible.

Thanks.
0
Comment
Question by:prologic08
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 2000 total points
ID: 40384673
I would include the department in your filter. Have you tried that?

(&(objectCategory=person)(objectClass=user)(department=Information Technology))
0
 

Author Comment

by:prologic08
ID: 40385293
That worked Joshua, thanks!

In addition, I was able to get rid of the values for Attribute and Environmental Variable.

I wanted it to only look within OU=User_Accounts,DC=mydomain,DC=com

So I kept that though I haven't tested enough to know if that is binding correctly but it works with or without it. Here is what I ended with:

Filter: (&(objectCategory=person)(objectClass=user)(department=Information Technology))
Binding: LDAP://OU=User_Accounts,DC=mydomain,DC=com
Attribute:
Environmental Var:

And for anyone else wondering why it still might not be working... If you see a dotted red line under the setting you are changing, it means that it is disabled and the changes will not take. You have to hit F6 on the setting to enable it. More info here: http://technet.microsoft.com/en-us/library/cc754299.aspx
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40385330
Awesome, glad it worked for you. I have never tried Item-Level Targeting using an LDAP filter. Glad to see it works!
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month13 days, 17 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question