B
bob
Greetings,
Background:
Our network was just upgraded from winNT4.0 domain to a
single win2000 AD domain running in native mode. We have
about 4,500 users and 2000 computers supported by 3 Domain
Controllers. DNS, WINS and DHCP are being used on the
network. The upgrade was successful and everything has
been running fine for several months. The organization
has been divided into 10 OU and control delegated to
specific technicians.
Question1 -
When browsing the network with a regular user account
under "My Network Place > Entire Network> Directory", the
full AD structure is listed by OU with users and computer
accounts. How do you prevent users from browsing the AD
structure (OUs, users, computers, domain controllers)? I
would rather have the users only be able to browse the
network using "My Network Place > Entire Network>
Microsoft Windows Network" or not at all?
Question2 -
When browsing the domain via "My Network Place > Entire
Network> Microsoft Windows Network", all computers are
listed under the domain. Is there a way to organize the
list based on OU? I'm looking for a way to browse for a
computer without having to look through 2000 computer
accounts at once.
Question3 -
Setting permissions on an object. User accounts for the
entire domain (4,500) are loaded into the window when
clicking the ADD button to select users for share or
permissions. Is there a way to only display user accounts
from certain top level OUs?
Thanks for any responses. I decided to group these
questions together since they followed the same general
topic.
Background:
Our network was just upgraded from winNT4.0 domain to a
single win2000 AD domain running in native mode. We have
about 4,500 users and 2000 computers supported by 3 Domain
Controllers. DNS, WINS and DHCP are being used on the
network. The upgrade was successful and everything has
been running fine for several months. The organization
has been divided into 10 OU and control delegated to
specific technicians.
Question1 -
When browsing the network with a regular user account
under "My Network Place > Entire Network> Directory", the
full AD structure is listed by OU with users and computer
accounts. How do you prevent users from browsing the AD
structure (OUs, users, computers, domain controllers)? I
would rather have the users only be able to browse the
network using "My Network Place > Entire Network>
Microsoft Windows Network" or not at all?
Question2 -
When browsing the domain via "My Network Place > Entire
Network> Microsoft Windows Network", all computers are
listed under the domain. Is there a way to organize the
list based on OU? I'm looking for a way to browse for a
computer without having to look through 2000 computer
accounts at once.
Question3 -
Setting permissions on an object. User accounts for the
entire domain (4,500) are loaded into the window when
clicking the ADD button to select users for share or
permissions. Is there a way to only display user accounts
from certain top level OUs?
Thanks for any responses. I decided to group these
questions together since they followed the same general
topic.