Questions tagged [organizational-unit]

A unit of organization in Windows Server that organizes Users, Computers, and Printers.

9 votes
1 answer
1k views

Is it possible for a child domain and an OU in the parent domain to share the same name?

I'm adding this Q/A because I just stumbled upon this limitation today, and I was not able to find any documentation about it; there is an old KB article about this issue, but it's currently not ...
Massimo's user avatar
  • 70.7k
8 votes
4 answers
10k views

GPO not applying to an OU

We have a batch file (logon.bat) that maps drives whenever a user logs on. This script is applied by Group Policy to the entire domain. Initially, this worked perfectly, as we always wanted this ...
Austin ''Danger'' Powers's user avatar
7 votes
3 answers
83k views

PowerShell - Limit the search to only one OU

I've got this cmdlet and I'd like to limit the results to only one OU: Get-ADUser -Filter {(Enabled -eq $false)} | ? { ($_.distinguishedname -notlike '*Disabled Users*') } Now I've tried to use -...
Npv23g's user avatar
  • 320
7 votes
2 answers
5k views

In LDAP is it best to nest groups under organizational units or create an organization unit directly under the root dn just for groups?

I'm not sure whether it's better to nest groups under each of my organizational units or to make an organization unit directly under the root DN just for groups. Is one considered best practice over ...
Jeff's user avatar
  • 496
6 votes
3 answers
60k views

How do you override a GPO with another GPO?

If there is a GPO which is applied to all Domain Computers which disables something, is there a way to re-enable the disabled thing for some hosts in the domain, without taking those hosts out of the ...
paradroid's user avatar
  • 868
6 votes
1 answer
7k views

Join VM to specific Active Directory OU using System Center VMM 2012 Guest OS Profile

We use System Center 2012 Virtual Machine Manager to deploy VMs to our Hyper-V servers. We are starting to use the VM and Service templates to automate our system deployments, but one step we need to ...
Greg Bray's user avatar
  • 5,640
5 votes
2 answers
13k views

Do I need child domains in AD?

I have an organization having HQ (about 150 users) in one city and 16 branches (high schools, 300-400 users each) each in a different city. What I have to do is create a domain(s) in AD for corporate ...
ysakiyev's user avatar
  • 263
5 votes
3 answers
8k views

How can I create Organizational Units recursively in PowerShell?

I'm writing a PowerShell script to populate all the company users to an Active Directory from a CSV file. The script uses the PowerShell command New-ADUser and it should know, for every user, where is ...
Maurício Mota's user avatar
5 votes
1 answer
15k views

PowerShell - Finding all of users' group memberships and kicking it out of them

As the title says, I have to find all the groups that the user is a member of, and delete its membership from all of them. I've tried this: get-adgroup -filter * | where {(Get-ADGroupMember $_ | ...
Npv23g's user avatar
  • 320
5 votes
3 answers
24k views

Windows server. The difference between organisation units and groups? (Active directory)

So they are both objects that you use to organise other objects. You can add users, groups and computers to both of them. What is the difference between them? What is the best way to divide users and ...
redi's user avatar
  • 75
4 votes
3 answers
37k views

Find out if password expired or when it expires for user in a specific OU

Is there any powershell command that outputs the users that have their passwords expired from a specific organizational unit (OU). If so can it be combined in a script with another command that ...
Cranta Ionut's user avatar
4 votes
3 answers
27k views

PowerShell - finding users who are Inactive AND not disabled

I wrote this cmdlet: Search-ADAccount -filter {(enabled -eq $true)} -Users Only -SearchBase "ou=FirstOU,dc=domain,dc=com" -AccountInactive -TimeSpan 30 But it outputs an error: Search-ADAccount : A ...
Npv23g's user avatar
  • 320
4 votes
1 answer
11k views

Change AD users attributes via Power Shell script

In the domain I'm working we created an attribute "regulationMatrix" . When I try a powershell command like get-aduser USER -properties * that specific attribute shows up only if it has a value set ...
Cranta Ionut's user avatar
4 votes
1 answer
558 views

Server 2008: Link security group to organisational unit

I've created a test domain with 2 VM's to experiment and try to gain some knowledge using Server 2008 (+GPO's, OU's, ADUC etc) however I've become a little stuck. I've created an OU called User ...
obious's user avatar
  • 181
4 votes
2 answers
6k views

Error Creating OU: Name is Already In Use

I have an OU structure for computers that looks like this: Workstations |-- Building | |-- Floor, Department, or Approximate Location ... I want to create a child OU called "3 North" in ...
Wes Sayeed's user avatar
  • 1,922
3 votes
3 answers
11k views

PowerShell script that should find disabled users that are not in a specific OU outputs users from that OU as well

Hey I've got this cmdlet here: Get-ADUser -filter {(distinguishedName -notlike "Disabled Users") -and (enabled -eq $false)} -searchBase "ou=FirstOU,dc=domain,dc=com" I've built it to find disabled ...
Npv23g's user avatar
  • 320
3 votes
2 answers
3k views

In AD, explain to me the benefits of putting users into OUs

Up until now I have just left all the users and computers in my domain in the domain root. I've been considering how I might better organize my AD, but I don't see the advantage of using OUs yet. ...
Daniel's user avatar
  • 1,614
3 votes
1 answer
6k views

Can't find "Read Lockout Time" and "Write Lockout Time" for delegation on OU

Trying to delegate permissions to a group on an OU, but can't find 2 properties in special permissions for "User Objects"; they are "Read Lockout Time" and "Write Lockout Time". Any reason I couldn't see ...
Darktux's user avatar
  • 827
3 votes
1 answer
2k views

Applying a group policy at the domain level and scoping vs. applying at the OU level

The way I see it, if I have a GPO and want to apply it, 2 options I have are: Linking the GPO to the domain and then scoping to security groups and maybe users Linking the GPO to an OU that contains ...
MSD's user avatar
  • 41
2 votes
3 answers
3k views

GPO - Restricted Groups applying, but don't actually add the group

The following scenario is weird. Please be advised. I have created a GPO on an OU containing workstations like this: This GPO's purpose is to make the Backup Operators group a member of the local ...
Jonathan Rioux's user avatar
2 votes
1 answer
1k views

How can I correct my foreach loop in PowerShell for every Active Directory OU user?

Goal: Create a for or foreach loop to execute some code (in this case, just print x) for every user in an OU. I'm using PowerShell 2.0, with the ActiveDirectory module. So far: This is what I have (see ...
caesartcs's user avatar
2 votes
1 answer
316 views

Structuring an OU to properly model an Organizational Hierarchy

I'm experimenting with using OUs in my network's Active Directory and group policy. However, I'm having a little trouble figuring out the right way to structure my OUs so that I can have individual ...
mclark1129's user avatar
2 votes
2 answers
5k views

Mapped Drive by OU

I want to implement a mapped drive which is hidden/exposed based on the OU of the user. I have a working version of this in one environment (Windows 2008R2; created by someone else), and I am trying ...
nairware's user avatar
  • 309
2 votes
1 answer
8k views

Difference between "Descendant User Objects" and just "User Objects"

I am trying to delegate permissions on a certain OU to a certain group. All I find is "Descendant User Objects" and not just "User Objects"; we have those available in other domain; please do let me ...
Darktux's user avatar
  • 827
2 votes
1 answer
2k views

Apply group policy to specific users (in an OU) on specific computers (not in an OU)

This has been bugging me for a while. Here's the setup: We have ~20 Win2k8r2 servers. They are separated into various OUs that I can't change. I have created a security group "DevHostsSG" that ...
Martin's user avatar
  • 61
2 votes
2 answers
712 views

Authorization using LDAP OU or Groups

In the below image I have drawn two schema structures for LDAP (Active Directory). I would like to know which one is correct. In my organisation they are using Structure 1 design for PC login and ...
Balakrishnan's user avatar
1 vote
2 answers
4k views

Set Organizational Unit by IP Address in Active Directory

Our AD is a mess, and I've been trying to look for a way to automatically assign computers/workstations to an Organizational Unit based on their IP address. I've had no luck, though, in finding any ...
tacotuesday's user avatar
  • 1,389
1 vote
1 answer
215 views

Complex Group Policy Inheritance

I'm currently trying to design the OU and Group design for a new AD deployment. Firstly, taxonomy is hard. As a first guess attempt, we're trying to keep all User objects together in OU=Users, and ...
Tom O'Connor's user avatar
  • 27.5k
1 vote
2 answers
599 views

How to find potential AD-groupname and OU-structure dependencies of eco-systems?

Currently we are in the process of redesigning our AD infrastructure. I am pretty concerned about the possible impact a change of several group- or OU-names might have to our eco-systems (like IAM ...
Matthias Güntert's user avatar
1 vote
2 answers
5k views

Can I move these items around in Active Directory

I am just reorganising my company's Active Directory structure, as it hasn't kept up with changes in the company structure. There are a few items I am not sure if I can move or not. Can anyone tell ...
James Edmonds's user avatar
1 vote
1 answer
822 views

Restricting particular OUs from accessing Active Directory folder

I know how to restrict individual users from accessing/reading OUs or folders in Active Directory. This page provides a good guide on how to do this. But how can one bar the users of an entire OU, ...
Stumbler's user avatar
  • 113
1 vote
2 answers
3k views

Putting a shortcut on the desktop of all the people in a particular OU?

At work we have all the user desktops redirected to a server. Within a all the users in an OU I need to put the same shortcut on all of their desktops. Is there an easier way to do this than just ...
leeand00's user avatar
  • 4,909
1 vote
1 answer
2k views

Assign an OU to a certain RODC

I have a RWDC (A) and two RODCs (B and C). I create an OU for each branch in the RWDC; however, the OU and its content will be replicated to all DCs within the domain. So I want to know can we assign an OU to a ...
KF2's user avatar
  • 145
1 vote
2 answers
2k views

Link a GPO to an OU or security group, Who will win?

Here's the scenario: A GPO is linked to an OU to enable, for example, UAC setting. However, since there are certain systems that require UAC to be disabled, there is a GPO that disables these settings....
Tom's user avatar
  • 11
1 vote
1 answer
535 views

Microsoft SQL Server users from OU/SG

MSSQL has its own user authentication apart from the operating system or Active Directory user authentication but can I apply database permissions to organisational units or security groups or somehow ...
user8056359's user avatar
1 vote
1 answer
274 views

How to make Group Policy to the same User Group at different Computer Groups? (VDI)

I made two Organizational Units in my domain: Thin Clients (there are the physical computer objects), Virtual Clients (there are the virtual computer objects). And I have the default Users (there are ...
gazsiazasz's user avatar
1 vote
2 answers
1k views

Cannot change default OU for new Distribution Groups in Exchange 2010

I'm trying to use the following command to set the default OU for new distribution groups in Exchange 2010: Set-OrganizationConfig -DistributioNGroupDefaultOU 'corp.company.com/Employees/MailingList' ...
tacos_tacos_tacos's user avatar
1 vote
1 answer
744 views

Active Directory: pinpoint cause for access denied when modifying objects

I need a general way to determine the cause of access denied errors when modifying/moving/etc. objects in AD. I know that I can view "effective permissions" but not sure which permission ...
user242114's user avatar
1 vote
2 answers
173 views

How to delete temporary User account in AWS?

I have created a script to create user accounts under AWS Organizations. Now, I am trying to automate deleting temporary user accounts in 30Min. What could be the possible solutions? I can work on ...
Manish Goyal's user avatar
1 vote
1 answer
114 views

Windows Server 2019 - lost all computer from OU? [closed]

I keep computer accounts (Computers) in two separate OU units in Active Directory structure. This morning I had to add some users, and noticed that all machines are missing from their corresponding OU....
mrmut's user avatar
  • 362
1 vote
1 answer
2k views

List AD Users that are part of Group Membership but in specific OU

I am trying to list AD users that are a member of a specific group, but I need to search one OU at a time: Get-ADGroup 'GroupName' | Get-ADGroupMember
EddMan's user avatar
  • 21
1 vote
2 answers
17k views

(GPO) Set AD-User as local admin on all PCs in specific OU

In my AD I have these two OU's: OU PC and OU User. There are a few users in the OU "Users" and several machines in the OU "PC". I now need to write a GPO for one of these users which will ...
Mr. Buttons's user avatar
1 vote
1 answer
1k views

GPO defining a user policy is being applied, despite being linked to a computer OU (without loopback processing)

I must be missing something obvious here. We have a GPO linked to a computer OU. The GPO runs a VB logon script (a user policy) when users log on. I was just about to enable loopback processing on ...
Austin ''Danger'' Powers's user avatar
1 vote
1 answer
476 views

Can users added to certain OU automatically be member of particular group

Windows Server 2008 R2. Can AD be set up so that any user added to a particular OU automatically be assigned to a particular user group?
Jeff's user avatar
  • 277
1 vote
0 answers
373 views

Add an audit rule to an Active Directory Organizational Unit with PowerShell

In the PowerShell script below, I am collecting Active Directory audit rules for a specific OU, checking if any audit rules exist for a failure, and adding a failure audit rule if one does not exist. ...
Lee Exothermix's user avatar
1 vote
1 answer
53 views

Move email addresses to company domain

My current setup is Exchange 2010 and I have 4 different organisational units setup. We have a number of users spread across these organisational units. We would like to now move to a single domain/...
happy_gilmore's user avatar
1 vote
3 answers
956 views

GPO: Different GPOs for different users on different PCs

I would like to ask you, how to achieve having different GPO's for different user OUs on different PCs. I'm still a bit new to this. It's running Windows Server 2012 R2. To understand our OU ...
InToSSH's user avatar
  • 45
1 vote
0 answers
463 views

OU Search base in LDAP AD integration using CUCM

If I don't define an OU when creating user search bases in LDAP, will it use the whole domain instead of a specific OU?
Scott's user avatar
  • 11
1 vote
1 answer
776 views

LDAP query on single subOU for Alfresco

This is what my LDAP looks like: red.lan Groups(OU) Computers(SubOU) Printers(SubOU) Users(SubOU) Some(OU) Users(OU) SomeOther(SubOU) So, I'm ...
PaKempf's user avatar
  • 63
1 vote
0 answers
37 views

How to give Admins Access to move users to a Single OU [duplicate]

We are delegating a few accesses to some admins via taskpads, so we created an OU called "Delete" and we want the admins to move all the users to be deleted to that OU. How can we do that, how can we ...
Darktux's user avatar
  • 827