0 votes

My current AD structure is over complicated because our business has consolidated over the past few years. I could of course restructure it. but as I test your product, I was hoping it could cover over some of our issues. My Structure has an OU for each City (1st level), and Sub OU's for each Business Unit (2nd Level), with Sub OU's (under the Business Unit OU making this the 3rd level) for each type of Object (Computers, Servers, Groups and Users). Over time our IT organizations have mostly consolidated at the city level, meaning the Business Unit OU's are really unnecessary. I would like to make a single Business Unit for Managing all the desktop and laptop computers under a city. But unfortunately I can't do a simple query at the city level for objectcategory=computer, because it pulls in server objects as well, which I do not want to give access to the helpdesk.

I did not see a way to add multiple containers to a single business unit. Am I missing any functionality in ADAXES that could enable this scenario?

by (80 points)

1 Answer

0 votes
by (18.0k points)

Hello,

But unfortunately I can't do a simple query at the city level for objectcategory=computer, because it pulls in server objects as well, which I do not want to give access to the helpdesk.

Do you want the list not to include domain controllers or all computers with server edition of Windows installed?
If you need just to exclude domain controllers, select the Server or Workstation item in the Build Query dialog (see image attached).
If you want to exclude all computers with server edition of Windows installed, you can use a query like this:

(&(objectCategory=computer)(sAMAccountType:1.2.840.113556.1.4.803:=805306369)(userAccountControl:1.2.840.113556.1.4.803:=4096)(!(|(operatingSystem=Windows Server 2003)(operatingSystem=Windows 2000 Server))))

Use LDAP Filter Builder to analyze this query (see image attached)

I did not see a way to add multiple containers to a single business unit. Am I missing any functionality in ADAXES that could enable this scenario?

It is possible to add multiple containers to a Business Unit:

  1. Right-click your Business Unit and select Properties
  2. Activate the Membership Rules tab
  3. Click Add
  4. Select Container Children and select the container or OU you need
    Repeat steps 3 and 4 for all containers you need.

(Query to Exclude Domain Controllers)

(LDAP Filter Builder)

(Multiple Containers in Business Unit)

Related questions

0 votes
1 answer

Dear, I'm having issue in adding a group to a Business Unit. The situation is as following: We have given our IT ServiceDesk access to manage certain groups. This is ... Unit.", "Information") Can you please verify what is preventing the addition? Thank you.

asked Nov 29 by alexalex (20 points)
0 votes
1 answer

Is it possible to create a business unit and have it auto populate with group owners in a specific OU. I've tried a few scripts to get propertie adm-managedbylist but none have worked so far.

asked Nov 18 by C27 (20 points)
0 votes
0 answers

I have applied a security role to a group at the top of a Business Unit Container and set it to apply to the subtree and it does, all Containers and Business Units do ... Unit. Did I apply the permissions wrong or is there some setting I need to change?

asked Aug 9 by ajmilic (100 points)
0 votes
1 answer

In the query portion of creating a business unit: Group Query Section $rules = $unit.GetMembershipRules() $rule = $rules.Create("ADM_BUSINESSUNITMEMBERSHIPTYPE_QUERY") $rule.Exclude = $false ... by. Sorry if this is specified somewhere, but I couldn't find it.

asked Jun 4 by ajmilic (100 points)
0 votes
1 answer

I have a specific computer property pattern for three different types of computers, which live in three different OUs and are in three different business units. I will have ... How do I enforce a property pattern for a specific business unit at creation time?

asked Jul 17, 2023 by bennett.blodinger (60 points)
3,589 questions
3,278 answers
8,303 comments
548,107 users