Trying to avoid that. Will end up having to move a boatload of GPO’s with them, but looking like that is the way I am going to go.
From: [email protected] [mailto:[email protected]] On Behalf Of D R Sent: Thursday, January 19, 2017 3:08 PM To: [email protected] Subject: Re: [NTSysADM] Deny read on an OU Tree Jim, Why don't you create a new OU and put those who need wireless under that OU? Then point to that OU? Daniel On Thu, Jan 19, 2017 at 1:16 PM, Kennedy, Jim <[email protected]<mailto:[email protected]>> wrote: Putting up a wireless SSID for staff using a Cisco WCL. Best way to do this is a straight OU lookup but I can only point it at one OU. There are multiple OU’s I need to target that are all under ‘Elyriaschools’ [cid:[email protected]] As you can see Students have sub ou’s for the year they are allegedly going to graduate. I want to deny read to all those years, the entirety of the Students OU. You would think a deny on the account that does the LDAP lookups on ‘Students’ would deny on all the sub OU’s. But it doesn’t, I have to put a deny on each Year. Am I missing something, can I do a single deny somehow on Students? Each school year a new folder is created in Students for the incoming Kindergarten folks….you know we will forget to do this next fall. -- Daniel Rodriguez [email protected]<mailto:[email protected]>
