So assuming all the staff accounts are under administration, why not point it
there instead? Why even allow the rest of the OUs to be included if it's staff
only?
--
There are 10 kinds of people in the world...
those who understand binary and those who don't.
From: [email protected] [mailto:[email protected]] On
Behalf Of Kennedy, Jim
Sent: Thursday, January 19, 2017 2:17 PM
To: '[email protected]' <[email protected]>
Subject: [NTSysADM] Deny read on an OU Tree
Putting up a wireless SSID for staff using a Cisco WCL. Best way to do this is
a straight OU lookup, but I can only point it at one OU. There are multiple
OUs I need to target that are all under 'Elyriaschools'.
As you can see, Students have sub-OUs for the year they are allegedly going to
graduate. I want to deny read to all those years, the entirety of the Students
OU. You would think a deny on the account that does the LDAP lookups on
'Students' would deny on all the sub-OUs.
But it doesn't, I have to put a deny on each Year.
Am I missing something? Can I do a single deny somehow on Students? Each
school year a new folder is created in Students for the incoming Kindergarten
folks... you know we will forget to do this next fall.
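
For the "we will forget to do this next fall" concern above, a read-only audit that lists every OU at or below Students that has no explicit deny-read ACE for the lookup account. This is an added example, not code from the thread; the distinguished name, the domain components and the account name are placeholders, and the rights mask tested is an assumption to adjust to the deny actually in use.

```powershell
# Added example: read-only audit, makes no changes to the directory.
# Assumptions (not from the thread): the DN and the account name below.
Import-Module ActiveDirectory

$StudentsDn    = 'OU=Students,OU=Elyriaschools,DC=example,DC=org'  # placeholder DN
$LookupAccount = 'EXAMPLE\svc-wlc-ldap'                            # hypothetical lookup account

function Test-ExplicitDenyRead {
    # True when the object carries a non-inherited Deny ACE for $Account
    # that covers both ReadProperty and ListChildren.
    param(
        [Parameter(Mandatory)] [string] $DistinguishedName,
        [Parameter(Mandatory)] [string] $Account
    )
    $rights = [System.DirectoryServices.ActiveDirectoryRights]
    $mask   = [int]($rights::ReadProperty -bor $rights::ListChildren)
    $acl    = Get-Acl -Path "AD:\$DistinguishedName"

    foreach ($ace in $acl.Access) {
        if ($ace.IsInherited)                         { continue }  # explicit ACEs only
        if ($ace.AccessControlType -ne 'Deny')        { continue }
        if ($ace.IdentityReference.Value -ne $Account) { continue }
        if (([int]$ace.ActiveDirectoryRights -band $mask) -eq $mask) { return $true }
    }
    return $false
}

# Subtree scope includes the Students OU itself and every year OU beneath it.
$missing = Get-ADOrganizationalUnit -SearchBase $StudentsDn -SearchScope Subtree -Filter * |
    Where-Object {
        -not (Test-ExplicitDenyRead -DistinguishedName $_.DistinguishedName -Account $LookupAccount)
    }

if ($missing) {
    $missing | Select-Object Name, DistinguishedName | Format-Table -AutoSize
    Write-Warning "$(@($missing).Count) OU(s) under Students have no explicit deny for $LookupAccount."
} else {
    Write-Output "Every OU under Students has an explicit deny for $LookupAccount."
}
```

Run as a scheduled task after the yearly OU creation, the warning output flags a new graduation-year OU before the staff SSID lookup can read it.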