0 votes

My current AD structure is over complicated because our business has consolidated over the past few years. I could of course restructure it. but as I test your product, I was hoping it could cover over some of our issues. My Structure has an OU for each City (1st level), and Sub OU's for each Business Unit (2nd Level), with Sub OU's (under the Business Unit OU making this the 3rd level) for each type of Object (Computers, Servers, Groups and Users). Over time our IT organizations have mostly consolidated at the city level, meaning the Business Unit OU's are really unnecessary. I would like to make a single Business Unit for Managing all the desktop and laptop computers under a city. But unfortunately I can't do a simple query at the city level for objectcategory=computer, because it pulls in server objects as well, which I do not want to give access to the helpdesk.

I did not see a way to add multiple containers to a single business unit. Am I missing any functionality in ADAXES that could enable this scenario?

by (80 points)

1 Answer

0 votes
by (18k points)

Hello,

But unfortunately I can't do a simple query at the city level for objectcategory=computer, because it pulls in server objects as well, which I do not want to give access to the helpdesk.

Do you want the list not to include domain controllers or all computers with server edition of Windows installed?
If you need just to exclude domain controllers, select the Server or Workstation item in the Build Query dialog (see image attached).
If you want to exclude all computers with server edition of Windows installed, you can use a query like this:

(&(objectCategory=computer)(sAMAccountType:1.2.840.113556.1.4.803:=805306369)(userAccountControl:1.2.840.113556.1.4.803:=4096)(!(|(operatingSystem=Windows Server 2003)(operatingSystem=Windows 2000 Server))))

Use LDAP Filter Builder to analyze this query (see image attached)

I did not see a way to add multiple containers to a single business unit. Am I missing any functionality in ADAXES that could enable this scenario?

It is possible to add multiple containers to a Business Unit:

  1. Right-click your Business Unit and select Properties
  2. Activate the Membership Rules tab
  3. Click Add
  4. Select Container Children and select the container or OU you need
    Repeat steps 3 and 4 for all containers you need.

(Query to Exclude Domain Controllers)

(LDAP Filter Builder)

(Multiple Containers in Business Unit)

Related questions

0 votes
1 answer

When creating custom commands you have to select the object type. What is the object type for a Business Unit? It doesn't seem to be OU or Container as I can not select ... execute my script against. I've been searching the site and can not find this detail.

asked Jul 5 by ComputerHabit (790 points)
0 votes
1 answer

I'm trying to setup SelfService group management. We have multiple Forests. Because of the Forests we can't add users from a different forest to the ManagedBy. We can add a local ... end up getting all the groups a user is a memberof or nothing at all. :)

asked Jun 23 by ComputerHabit (790 points)
0 votes
1 answer

Hi there, I've a business unit containing all shared mailboxes. In The Admin Console the filter is okay and the affected objects show the accounts: But when ... provide a list of all shared mailboxes (which are disabled aswell). Kind regards Constantin

asked May 28 by Constey (170 points)
0 votes
1 answer

Hello, we manage 20 Domains with Adaxes. How can we create a Business Unit that holds all objects within OU's /Builtin and Users of all managed Domains without adding each OU seperately? regards Helmut

asked Jan 21 by a423385 (450 points)
0 votes
1 answer

Hi, I'm trying to create a web console only for sending SMS using adaxes 2018.2. The SMS-users that are going to use the console should only be able to view users, not edit ... which removes a lot of OUs that the users should not see or be able to browse to.

asked Sep 2, 2020 by eirikza (120 points)
2,554 questions
2,297 answers
6,126 comments
661,979 users