Well, the obvious effect is that it prevents domain-linked
policies from being delivered correctly, including password policy. This is
probably not desirable. I can't think of a good scenario where this would be
useful.
Darren From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of WATSON, BEN Sent: Wednesday, September 13, 2006 9:37 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Block Inheritance on DC OU The company I am currently working for has “block
inheritance” enabled for the Domain Controller’s OU and apparently whoever
enabled this setting is no longer with the company (or they won’t fess up to why
they did this). Although I am curious, what sort of ramifications does
enabling “block inheritance” on the Domain Controller’s OU pose? And what
reason would you have to enable this setting on the Domain Controller’s
OU? With any other OU, it would be fairly obvious, but being that these
are the Domain Controllers it would seem to be a unique
situation. Thanks as always for your input, ~Ben |
- RE: [ActiveDir] Block Inheritance on DC OU Dave Wade
- RE: [ActiveDir] Block Inheritance on DC OU Darren Mar-Elia
- RE: [ActiveDir] Block Inheritance on DC OU Grillenmeier, Guido
- RE: [ActiveDir] Block Inheritance on DC O... Dave Wade
- RE: [ActiveDir] Block Inheritance on ... Derek Harris
- Re: [ActiveDir] Block Inheritance on DC OU Kamlesh Parmar
- RE: [ActiveDir] Block Inheritance on DC O... Derek Harris
- RE: [ActiveDir] Block Inheritance on ... Darren Mar-Elia
- RE: [ActiveDir] Block Inheritanc... joe
- RE: [ActiveDir] Block Inheri... Darren Mar-Elia
- Re: [ActiveDir] Block Inheritanc... Kamlesh Parmar