RE: [ActiveDir] Block Inheritance on DC OU

[Darren Mar-Elia]

Well, the obvious effect is that it prevents domain-linked policies from being delivered correctly, including password policy. This is probably not desirable. I can't think of a good scenario where this would be useful.   Darren From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of WATSON, BEN Sent: Wednesday, September 13, 2006 9:37 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Block Inheritance on DC OU The company I am currently working for has “block inheritance” enabled for the Domain Controller’s OU and apparently whoever enabled this setting is no longer with the company (or they won’t fess up to why they did this).   Although I am curious, what sort of ramifications does enabling “block inheritance” on the Domain Controller’s OU pose?  And what reason would you have to enable this setting on the Domain Controller’s OU?  With any other OU, it would be fairly obvious, but being that these are the Domain Controllers it would seem to be a unique situation.   Thanks as always for your input, ~Ben