OU/Container Question Rephrased

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Let me rephrase my earlier question. I have remote users that connect via
Dialup or VPN to gain access to Exchange server and network shares (in the
case of VPN users). I would like to implement different group policy based
on remote users versus local users. To do so I thought to create OU's
instead of sites as they make more sense in our case. We do have other
sites, but they are too small to warrant DC's/servers and run peer-to-peer
networking. No need to set up AD sites for them.

So if I create OU's to help apply different group policy I also want to have
separate User and Computer containers inside each OU. This will help make
the views more human readable. The only way I see to do this is to make
sub-OU's called User and Computer within my Local OU and Remote OU. This
seems strange to me. I would think I could nest non-OU type containers
inside of an OU for this reason.

Am I making sense? Is this understandable? Is this possible?

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Have you thought about just using security groups? This is an option we are
looking into. This way, we could either apply or deny policies based on this
group membership without having to create sub-OU's. We do seperate out the
computer from the user accounts, so we would actually have 2 groups, one for
remote users and one for remote workstations.

"Steve Gould" wrote:

> Let me rephrase my earlier question. I have remote users that connect via
> Dialup or VPN to gain access to Exchange server and network shares (in the
> case of VPN users). I would like to implement different group policy based
> on remote users versus local users. To do so I thought to create OU's
> instead of sites as they make more sense in our case. We do have other
> sites, but they are too small to warrant DC's/servers and run peer-to-peer
> networking. No need to set up AD sites for them.
>
> So if I create OU's to help apply different group policy I also want to have
> separate User and Computer containers inside each OU. This will help make
> the views more human readable. The only way I see to do this is to make
> sub-OU's called User and Computer within my Local OU and Remote OU. This
> seems strange to me. I would think I could nest non-OU type containers
> inside of an OU for this reason.
>
> Am I making sense? Is this understandable? Is this possible?
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Now there is a darn good suggestion that I never thought of.

It still seems to me that Microsoft should allow for container folders in
OU's so us admins can segregate users from computers for easier
administration, though.


"daluebb" <daluebb@discussions.microsoft.com> wrote in message
news8F05893-FD58-4F22-B06D-AFABD2E19F99@microsoft.com...
> Have you thought about just using security groups? This is an option we
> are
> looking into. This way, we could either apply or deny policies based on
> this
> group membership without having to create sub-OU's. We do seperate out
> the
> computer from the user accounts, so we would actually have 2 groups, one
> for
> remote users and one for remote workstations.
>
> "Steve Gould" wrote:
>
>> Let me rephrase my earlier question. I have remote users that connect via
>> Dialup or VPN to gain access to Exchange server and network shares (in
>> the
>> case of VPN users). I would like to implement different group policy
>> based
>> on remote users versus local users. To do so I thought to create OU's
>> instead of sites as they make more sense in our case. We do have other
>> sites, but they are too small to warrant DC's/servers and run
>> peer-to-peer
>> networking. No need to set up AD sites for them.
>>
>> So if I create OU's to help apply different group policy I also want to
>> have
>> separate User and Computer containers inside each OU. This will help make
>> the views more human readable. The only way I see to do this is to make
>> sub-OU's called User and Computer within my Local OU and Remote OU. This
>> seems strange to me. I would think I could nest non-OU type containers
>> inside of an OU for this reason.
>>
>> Am I making sense? Is this understandable? Is this possible?
>>
>>
>>