If I add a group policy to an OU and the only object in that OU is a Global Group with numerous members will the users have the group policy applied to them>>>
for example, in your testdomain.com. your user is in the Users folder testdomain.com, and you create an OU, added to this ou a global group to it with your user as member of this group. created and linked policy to your ou.
ou with policy and containing your global group with "read and apply group persmissions" and run gpupdate results in: 0 results
why ?? your user in in a different context. it is located in testdomain.com and in ou.testdomain.com
your user will receive policy (inherentance) right from your domain NOT FROM YOU OU BECAUSE IT IS NOT LOCATED THERE.
Your user cannot exits, in Active Directory, in 2 different OU at the same time. (maybe you can you use an alias, is there any??)
try it yourself: (I DID !!)
i have an testdomain.com with ou and ou2
(so it would be, it?s context: ou.testdomain.com
ou2.testdomain.com)
create ou
create group policy and link it to ou
create in ou global group - give it "read + apply group policy permissions"
create in your domain an user (in Users folder)
add user to your global group (member)
run gpupdate
test -- will not work -- gp not applied to your user
now move your global group to another ou, for exapmle ou2 with no group policy (create it !!)
and now move your user to ou (with the group policy linked to it)
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.