Chris, I am sure you raised this issue to the "higher
ups" you mentioned, but, wouldn't be easier to develop an OU
architecture that broke the >20,000 users up into separate OUs for
management. That way those 40-50 OU
Admins would be further broken up to their respective OU. I would think you could sell the "higher
ups" on the ability to delegate to those OU. Just my $0.02 Dan -----Original Message----- Let me give more info as
to why I'm asking this question. The idea has been floated of putting all of
our user accounts (>20,000) into one OU. Other OU's would exist, where
groups would reside. Access would be give to 40-50 different OU admins to the
primary User OU, and they would determine who they would put into their own
groups. From there, GPO's would be applied to the OU's by the OU admin, with
the GPO being applied to the group members (which everyone here says is
impossible). I have a headache just
thinking of this because of having 40-50 people having access to all user
accounts and trying to make sure they only touch what they are supposed to
touch, etc. I'm supposed to find all possible reasons why not to do this. So, I
ask questions..... Chris Flesher The University of Chicago NSIT/DCS 1-773-834-8477
|
Title: Message
- RE: [ActiveDir] Group Policy question Roger Seielstad
- RE: [ActiveDir] Group Policy question Narkinsky, Brian
- RE: [ActiveDir] Group Policy question Crenshaw, Jason
- RE: [ActiveDir] Group Policy questio... Chris Flesher
- RE: [ActiveDir] Group Policy question Roger Seielstad
- RE: [ActiveDir] Group Policy question Sullivan, Kevin
- RE: [ActiveDir] Group Policy questio... Chris Flesher
- RE: [ActiveDir] Group Policy question Roger Seielstad
- RE: [ActiveDir] Group Policy questio... Chris Flesher
- RE: [ActiveDir] Group Policy question Fugleberg, David A
- RE: [ActiveDir] Group Policy question daniel . gilbert
- RE: [ActiveDir] Group Policy question Crenshaw, Jason
- RE: [ActiveDir] Group Policy questio... Chris Flesher
- RE: [ActiveDir] Group Policy question Tucker, Mark
- RE: [ActiveDir] Group Policy question Gil Kirkpatrick
- RE: [ActiveDir] Group Policy question Coleman, Hunter
- RE: [ActiveDir] Group Policy question SEYBOLDT,VOLKER (HP-Germany,ex1)
- RE: [ActiveDir] Group Policy question Roger Seielstad
- RE: [ActiveDir] Group Policy question Roger Seielstad
- RE: [ActiveDir] Group Policy questio... Chris Flesher
- RE: [ActiveDir] Group Policy question Roger Seielstad