There are other OU's under ElyriaSchools that need to be included that you don't see.
From: [email protected] [mailto:[email protected]] On Behalf Of Melvin Backus Sent: Thursday, January 19, 2017 2:48 PM To: [email protected] Subject: [NTSysADM] RE: Deny read on an OU Tree So assuming all the staff accounts are under administration, why not point it there instead? Why even allow the rest of the OUs to be included if it's staff only? -- There are 10 kinds of people in the world... those who understand binary and those who don't. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Kennedy, Jim Sent: Thursday, January 19, 2017 2:17 PM To: '[email protected]' <[email protected]<mailto:[email protected]>> Subject: [NTSysADM] Deny read on an OU Tree Putting up a wireless SSID for staff using a Cisco WCL. Best way to do this is a straight OU lookup but I can only point it at one OU. There are multiple OU's I need to target that are all under 'Elyriaschools' [cid:[email protected]] As you can see Students have sub ou's for the year they are allegedly going to graduate. I want to deny read to all those years, the entirety of the Students OU. You would think a deny on the account that does the LDAP lookups on 'Students' would deny on all the sub OU's. But it doesn't, I have to put a deny on each Year. Am I missing something, can I do a single deny somehow on Students? Each school year a new folder is created in Students for the incoming Kindergarten folks....you know we will forget to do this next fall.
