The only other reason I can think of they would do it this way is that whatever app is creating the user accounts is still involved after the accounts are created, it can't deal with multiple OU's, and they've let the limitations of the HR app dictated what the OU structure has to be.
________________________________ From: Vue, Za [mailto:[email protected]] Sent: Wednesday, February 04, 2009 10:57 AM To: Active Directory Admin Issues Subject: RE: Auto Created Users This is one reason we decided 5 years ago to manage our own AD and not be part of the enterprise group. I did not want to butt heads with the enterprise admins for these little simple things. We have smart enterprise admins but I think once the accounts auto generate they don't know which OU to move them to or are too lazy to drag and drop this user to that OU(where you are an OU admin). So this is how it will be done, keep all accounts in the main OU. :) -Z.V. > -----Original Message----- > From: Ziots, Edward [mailto:[email protected]] > Sent: Wednesday, February 04, 2009 9:05 AM > To: Active Directory Admin Issues > Subject: RE: Auto Created Users > > I totally concur, that is a power play by the Enterprise Admins, you > can > delegate rights to the OU to allow others to move there users to there > own OU's and manage them accordingly. > > I have more than 15K in users and that is how its done here.. > > Z > > Edward E. Ziots > Network Engineer > Lifespan Organization > Email: [email protected] > Phone: 401-639-3505 > MCSE, MCP+I, ME, CCA, Security +, Network + > -----Original Message----- > From: Michael B. Smith [mailto:[email protected]] > Sent: Wednesday, February 04, 2009 8:58 AM > To: Active Directory Admin Issues > Subject: RE: Auto Created Users > > That's a crock. > > Most MORG/LORGs use OU and delegate rights specifically for the reasons > you > mention. (And others.) > > Regards, > > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP > My blog: http://TheEssentialExchange.com/blogs/michael > I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php > > > -----Original Message----- > From: Stephen Wimberly [mailto:[email protected]] > Sent: Wednesday, February 04, 2009 7:37 AM > To: Active Directory Admin Issues > Subject: Auto Created Users > > Our enterprise domain automatically creates users based on a feed from > our > HR PeopleSoft. During that design it was decided that all user objects > should reside in a single flat OU and that only a few select domain > admins > would have any rights to that OU. > > This means we cannot apply any Preferences to the user object. > (Policies > can operate in a LoopBack processing model.) > > We have asked that our Enterprise Domain change this to allow user > objects > to reside in other OU locations, but they tell us that 'every large > scale > domain' is done this way and that to do otherwise would be 'unheard > of.' > Is > this true? Is there 'no way' to effectively move user objects to other > AD > locations to allow OU Admins the ability to apply user preferences? Is > there another way to apply user preferences? > > We have just over 15,000 user objects. > > > > ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK > Test! ~ > ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~ > > > ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK > Test! ~ > ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~ > > ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK > Test! ~ > ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~ ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~ ************************************************************************************************** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ************************************************************************************************** ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~ ________________________________ This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ ~ ************************************************************************************************** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ************************************************************************************************** ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~
