Adaxes

Business Unit

0 votes

My current AD structure is over complicated because our business has consolidated over the past few years. I could of course restructure it. but as I test your product, I was hoping it could cover over some of our issues. My Structure has an OU for each City (1st level), and Sub OU's for each Business Unit (2nd Level), with Sub OU's (under the Business Unit OU making this the 3rd level) for each type of Object (Computers, Servers, Groups and Users). Over time our IT organizations have mostly consolidated at the city level, meaning the Business Unit OU's are really unnecessary. I would like to make a single Business Unit for Managing all the desktop and laptop computers under a city. But unfortunately I can't do a simple query at the city level for objectcategory=computer, because it pulls in server objects as well, which I do not want to give access to the helpdesk.

I did not see a way to add multiple containers to a single business unit. Am I missing any functionality in ADAXES that could enable this scenario?

by (80 points)

1 Answer

0 votes
by (18.0k points)

Hello,

But unfortunately I can't do a simple query at the city level for objectcategory=computer, because it pulls in server objects as well, which I do not want to give access to the helpdesk.

Do you want the list not to include domain controllers or all computers with server edition of Windows installed?
If you need just to exclude domain controllers, select the Server or Workstation item in the Build Query dialog (see image attached).
If you want to exclude all computers with server edition of Windows installed, you can use a query like this: 

(&(objectCategory=computer)(sAMAccountType:1.2.840.113556.1.4.803:=805306369)(userAccountControl:1.2.840.113556.1.4.803:=4096)(!(|(operatingSystem=Windows Server 2003)(operatingSystem=Windows 2000 Server))))

Use LDAP Filter Builder to analyze this query (see image attached)

I did not see a way to add multiple containers to a single business unit. Am I missing any functionality in ADAXES that could enable this scenario?

It is possible to add multiple containers to a Business Unit:

  1. Right-click your Business Unit and select Properties
  2. Activate the Membership Rules tab
  3. Click Add
  4. Select Container Children and select the container or OU you need
    Repeat steps 3 and 4 for all containers you need.

(Query to Exclude Domain Controllers)

(LDAP Filter Builder)

(Multiple Containers in Business Unit)

Related questions

0 votes
0 answers
Security role is not propagating to objects within the Business Unit

I have applied a security role to a group at the top of a Business Unit Container and set it to apply to the subtree and it does, all Containers and Business Units do ... Unit. Did I apply the permissions wrong or is there some setting I need to change?

asked Aug 9 by ajmilic (100 points)
0 votes
1 answer
Add parent scope to business unit query via script.

In the query portion of creating a business unit: Group Query Section $rules = $unit.GetMembershipRules() $rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY") $rule.Exclude = $false ... by. Sorry if this is specified somewhere, but I couldn't find it.

asked Jun 4 by ajmilic (100 points)
0 votes
1 answer
Set a computer property pattern for new objects in a business unit

I have a specific computer property pattern for three different types of computers, which live in three different OUs and are in three different business units. I will have ... How do I enforce a property pattern for a specific business unit at creation time?

asked Jul 17, 2023 by bennett.blodinger (60 points)
0 votes
1 answer
Business Unit UUID changing during upgrade, breaking custom toolchain with API

Hello, We recently applied the 2023 upgrade following the backup / uninstall / install / restore procedure and we faced an issue: UUIDs for Business Units changed, which ... upgrade Adaxes in the future that does not delete and recreate Business Units? Cheers

asked May 4, 2023 by ygini (240 points)
0 votes
1 answer
Web UI: restrict browsing to a business unit?

we have created some business units which only return certain items in our directory. when using the web ui, how do we restrict browing functions to only look in the business ... unit. if this is not possible, how is it envisaged that these units are used?

asked Apr 14, 2023 by i*windows (280 points)
3,538 questions
3,229 answers
8,222 comments
547,739 users