Group policy applied to AD OU attributes
Posted
by Eric Smith
on Server Fault
See other posts from Server Fault
or by Eric Smith
Published on 2010-01-13T10:19:59Z
Indexed on
2010/04/01
17:33 UTC
Read the original article
Hit count: 335
group-policy
|active-directory
I'm not well-versed in AD, so would like to resolve a question I have with regards to AD information.
I understand that it is possible to apply group policy to OU's, thereby restricting access. What I'd like to know is, is it possible to do the same with OU attributes.
Some context would help. There's a requirement to store address information in AD (IMO, a natural fit), but for various reasons, although obviously things like name should be globally accessible, access restrictions are desired on the address. In this case, is it possible to apply security to the address portion of the OU attributes, or does each address have to be broken into a separate OU (a solution that feels smelly given that address doesn't have identity)?
© Server Fault or respective owner