Adaxes

Business Unit

0 votes

My current AD structure is over complicated because our business has consolidated over the past few years. I could of course restructure it. but as I test your product, I was hoping it could cover over some of our issues. My Structure has an OU for each City (1st level), and Sub OU's for each Business Unit (2nd Level), with Sub OU's (under the Business Unit OU making this the 3rd level) for each type of Object (Computers, Servers, Groups and Users). Over time our IT organizations have mostly consolidated at the city level, meaning the Business Unit OU's are really unnecessary. I would like to make a single Business Unit for Managing all the desktop and laptop computers under a city. But unfortunately I can't do a simple query at the city level for objectcategory=computer, because it pulls in server objects as well, which I do not want to give access to the helpdesk.

I did not see a way to add multiple containers to a single business unit. Am I missing any functionality in ADAXES that could enable this scenario?

by (80 points)

1 Answer

0 votes
by (18.0k points)

Hello,

But unfortunately I can't do a simple query at the city level for objectcategory=computer, because it pulls in server objects as well, which I do not want to give access to the helpdesk.

Do you want the list not to include domain controllers or all computers with server edition of Windows installed?
If you need just to exclude domain controllers, select the Server or Workstation item in the Build Query dialog (see image attached).
If you want to exclude all computers with server edition of Windows installed, you can use a query like this: 

(&(objectCategory=computer)(sAMAccountType:1.2.840.113556.1.4.803:=805306369)(userAccountControl:1.2.840.113556.1.4.803:=4096)(!(|(operatingSystem=Windows Server 2003)(operatingSystem=Windows 2000 Server))))

Use LDAP Filter Builder to analyze this query (see image attached)

I did not see a way to add multiple containers to a single business unit. Am I missing any functionality in ADAXES that could enable this scenario?

It is possible to add multiple containers to a Business Unit:

  1. Right-click your Business Unit and select Properties
  2. Activate the Membership Rules tab
  3. Click Add
  4. Select Container Children and select the container or OU you need
    Repeat steps 3 and 4 for all containers you need.

(Query to Exclude Domain Controllers)

(LDAP Filter Builder)

(Multiple Containers in Business Unit)

Related questions

0 votes
1 answer
Set a computer property pattern for new objects in a business unit

I have a specific computer property pattern for three different types of computers, which live in three different OUs and are in three different business units. I will have ... How do I enforce a property pattern for a specific business unit at creation time?

asked Jul 17, 2023 by bennett.blodinger (60 points)
0 votes
1 answer
Business Unit UUID changing during upgrade, breaking custom toolchain with API

Hello, We recently applied the 2023 upgrade following the backup / uninstall / install / restore procedure and we faced an issue: UUIDs for Business Units changed, which ... upgrade Adaxes in the future that does not delete and recreate Business Units? Cheers

asked May 4, 2023 by ygini (240 points)
0 votes
1 answer
Web UI: restrict browsing to a business unit?

we have created some business units which only return certain items in our directory. when using the web ui, how do we restrict browing functions to only look in the business ... unit. if this is not possible, how is it envisaged that these units are used?

asked Apr 14, 2023 by i*windows (260 points)
0 votes
1 answer
business unit not visible in web interface

Hi I have create a business unit located in Business Units --Test BU's ----FTE Accounts Then I have created a Security Role called Test User Management with me as ... shown at all. I have the headline business units but nothing in there. Thanks Peter Sonander

asked Feb 7, 2023 by Sonander (40 points)
0 votes
1 answer
Automate adding members to Business Unit

I would like to create a scheduled task to search for specific AD groups based on part of the name and automatically be added to the Business Unit. I am not finding much online about it and it doesn't appear to be an OOB thing in Scheduled Tasks.

asked Dec 29, 2022 by msheppard (20 points)
3,350 questions
3,051 answers
7,791 comments
545,067 users