What you heard on the WebCast was correct. Any object can only exist once in
AD, anywhere in the forest. There are many ways to deal with what it sounds
like you need but I am sure if you explain your exact needs in more detail
you will get a more accurate answers.
The issue is probably that a 'user' and/or and 'computer' recieves settings
from potentially many GPOs and all of the settings combined in those
multiple GPOs will ultimately combine to create the 'state' of the system.
If the user is Usera and Monday Usera is a nurse and Wednesday Usera is an
adminsitrator the 'user' is still Usera and Usera is still receiving the
same settings from day to day. Group Policy applies to the object depending
on where it is in the hierarchy of AD there is no way to get around this.
There is no way to tell the logon process taht today Usera is actually a
different identity it will always be the same security principal.
You may end up needing to have two IDs UserNurse and UserAdministrator.
Messy but depending on what you are trying to do that may be your solutions.
There are probably other kludge solutions.
Kevin Sullivan
Product Manager
AutoProf
http://www.autoprof.com/policy