Need to support users over the internet? click here try our remote control online beta
Remote Support Software
Provide instant remote support to customers and employees:
Click here for a free trial
Provide instant remote support to customers and employees:
Click here for a free trial
Organizational security
we have server 2008 . we create organizational unit . can we put security on organizational unit when we go to folder security option i have to select individual user . i couldn't see organization unit. please helphuz
Need to support users over the internet? click here try our remote control online beta
Need to support users over the internet? click here try our remote control online beta
March 28th, 2012 12:00pm
Hello,
OUs are management options in AD UC and NOT available to configure permissions. Permissions are set for users, security groups and computers. SO what you see is normal.
Please describe what you are tryung to achieve at the end, as mostly the security on OU level is not modified.Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog:
http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Need to support users over the internet? click here try our remote control online beta
OUs are management options in AD UC and NOT available to configure permissions. Permissions are set for users, security groups and computers. SO what you see is normal.
Please describe what you are tryung to achieve at the end, as mostly the security on OU level is not modified.Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog:
http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Need to support users over the internet? click here try our remote control online beta
March 28th, 2012 12:03pm
Huz,
OUs in AD are a little different in application to Novell, so you aren't going to be able to apply security in quite the same way. As Meinolf suggested, tell us what you're trying to achieve and we can help.
Cheers,
Lain
There is an amazing pack of free network admin tools. click here to download it
OUs in AD are a little different in application to Novell, so you aren't going to be able to apply security in quite the same way. As Meinolf suggested, tell us what you're trying to achieve and we can help.
Cheers,
Lain
There is an amazing pack of free network admin tools. click here to download it
March 28th, 2012 12:16pm
sir I want to some security on folder, but my all user are created in different organisation unit. so how can we put security on folderhuz
Need to support users over the internet? click here try our remote control online beta
Need to support users over the internet? click here try our remote control online beta
March 28th, 2012 12:17pm
If by "folder" you're talking about a folder on a file server, then you will need to make use of groups. You can't use OUs or containers as security principles in the Microsoft world.
You would need to look at the concept of a shadow group to achieve what you're after if you wanted to persist with your current strategy.
Shadow groups are more of a concept than a particular item. They're just normal group into which you maintan a list of users found within an OU (with or without including members of subtrees). Typically, the group membership is synchronised periodically
via a script set up as a schedule task.
I'm not sure how familiar you are with Powershell, but it's the easiest way to achieve this sort of basic administrative task - assuming you're running Server 2008 R2 or later (or Windows 7 or later, but you wouldn't typically schedule something like
this on a workstation).
Using Powershell, you can do this with three lines:
Import-Module ActiveDirectory
$users = Get-ADUser -SearchScope onelevel -SearchBase "OU=Users,OU=Company,DC=YourDomain,DC=com" -Filter *
Add-ADGroupMember -Identity "YourGroup" -Members $users
Obviously, you'd have to make sure the content in red is changed to suit your environment.
Cheers,
Lain
There is an amazing pack of free network admin tools. click here to download it
You would need to look at the concept of a shadow group to achieve what you're after if you wanted to persist with your current strategy.
Shadow groups are more of a concept than a particular item. They're just normal group into which you maintan a list of users found within an OU (with or without including members of subtrees). Typically, the group membership is synchronised periodically
via a script set up as a schedule task.
I'm not sure how familiar you are with Powershell, but it's the easiest way to achieve this sort of basic administrative task - assuming you're running Server 2008 R2 or later (or Windows 7 or later, but you wouldn't typically schedule something like
this on a workstation).
Using Powershell, you can do this with three lines:
Import-Module ActiveDirectory
$users = Get-ADUser -SearchScope onelevel -SearchBase "OU=Users,OU=Company,DC=YourDomain,DC=com" -Filter *
Add-ADGroupMember -Identity "YourGroup" -Members $users
Obviously, you'd have to make sure the content in red is changed to suit your environment.
Cheers,
Lain
There is an amazing pack of free network admin tools. click here to download it
March 28th, 2012 12:33pm
how to configure powershell in server 2008huz
Need to support users over the internet? click here try our remote control online beta
Need to support users over the internet? click here try our remote control online beta
March 28th, 2012 12:47pm
Hi Huz,
Unfortunately, while you can get Powershell 2.0 for Server 2008, you can only get the required ActiveDirectory module for either Server 2008 R2 or Windows 7. To the best of my knowledge it's still not available (and will likely remain so) for Server 2008
and Vista.
If you wanted to achieve the same thing with Server 2008, you can still do it with Powershell, but you'd have to dig into either the .NET or WMI side of things, and that's more than I can explain (or code) in a quick example. You could also use the older
but still useful Windows Scripting Host (casually referred to as VBScript or JScript).
That said, if you can adjust your thinking, avoid scripting altogether and just work with the group objects themselves. All you have to do is ensure the users accounts are a member of a domain group (generally speaking, as there are multiple group types,
both domain and local) and you can then apply those groups to your file permissions.
The up side to this is that you can apply permissions completely independant of the OU structure. The downside is (arguably) that if you're keen to stick with your original model, it can be viewed as redundant administration. Nevertheless, that's how
it is in AD.
Cheers,
Lain
There is an amazing pack of free network admin tools. click here to download it
Unfortunately, while you can get Powershell 2.0 for Server 2008, you can only get the required ActiveDirectory module for either Server 2008 R2 or Windows 7. To the best of my knowledge it's still not available (and will likely remain so) for Server 2008
and Vista.
If you wanted to achieve the same thing with Server 2008, you can still do it with Powershell, but you'd have to dig into either the .NET or WMI side of things, and that's more than I can explain (or code) in a quick example. You could also use the older
but still useful Windows Scripting Host (casually referred to as VBScript or JScript).
That said, if you can adjust your thinking, avoid scripting altogether and just work with the group objects themselves. All you have to do is ensure the users accounts are a member of a domain group (generally speaking, as there are multiple group types,
both domain and local) and you can then apply those groups to your file permissions.
The up side to this is that you can apply permissions completely independant of the OU structure. The downside is (arguably) that if you're keen to stick with your original model, it can be viewed as redundant administration. Nevertheless, that's how
it is in AD.
Cheers,
Lain
There is an amazing pack of free network admin tools. click here to download it
March 28th, 2012 1:03pm
Hello,
"I want to some security on folder, but my all user are created in different organisation unit. so how can we put security on folder"
Do you talk about AD UC security or on folders in a file server where the user data is stored, please be more specific what you are trying to configure.
Basically you have to create security groups, add the user accounts to the security group and add the security group to the folders you like to apply permissions.Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog:
http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Need to support users over the internet? click here try our remote control online beta
"I want to some security on folder, but my all user are created in different organisation unit. so how can we put security on folder"
Do you talk about AD UC security or on folders in a file server where the user data is stored, please be more specific what you are trying to configure.
Basically you have to create security groups, add the user accounts to the security group and add the security group to the folders you like to apply permissions.Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog:
http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Need to support users over the internet? click here try our remote control online beta
March 28th, 2012 3:58pm
This topic is archived. No further replies will be accepted.
Other recent topics
