Group policy applied to AD OU attributes

Posted by Eric Smith on Server Fault See other posts from Server Fault or by Eric Smith
Published on 2010-01-13T10:19:59Z Indexed on 2010/04/01 17:33 UTC
Read the original article Hit count: 335

I'm not well-versed in AD, so would like to resolve a question I have with regards to AD information.

I understand that it is possible to apply group policy to OU's, thereby restricting access. What I'd like to know is, is it possible to do the same with OU attributes.

Some context would help. There's a requirement to store address information in AD (IMO, a natural fit), but for various reasons, although obviously things like name should be globally accessible, access restrictions are desired on the address. In this case, is it possible to apply security to the address portion of the OU attributes, or does each address have to be broken into a separate OU (a solution that feels smelly given that address doesn't have identity)?

© Server Fault or respective owner

Related posts about group-policy

Related posts about active-directory