![]() In other words, the object exists, but is not accessible, and uniqueness rules prevent us from creating a similarly-named object. It’s very easy to “lose” an object after creating a complex OU hierachy with matching delegated permissions to boot, by successfully finding an object in the Find function in ADUC, but not being able to access the same because delegated administrative control bars the currently logged on user from accessing either the object itself or the container (or one of the containers of the container) holding the said object. ![]() This way, objects won’t get “lost” in an intricate and highly complex OU design. Have a principle on OU design, at least on the top levels of the OU. Example, all computer objects of web servers running IIS can be placed on one OU, and apply to that OU a Group Policy Object that ensures that the World Wide Web Publising Service starts automatically on those servers, while is Disabled for the rest. This is because Group Policies can also control which services are running on a specific machine. In the same way that user objects can be separated from their workstations, the services can also be can be separated from the server. ![]() Consider separating the service from the server. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |