users in multiple OU's

[Guest]

Hi,

Is it possible to add users in multiple OU's? I want to
create multiple logon scripts for users via gpo. I created
a script that adds aut. shortcuts to the users desktop.
The problem is that some users donot need all the
shortcuts defined in the logonscripts and so i want those
users not to receive those scripts by adding them in
several OU's.

thanks in advance, mIchael

 

[Chriss3]

No but you can put those users in a security group and filter out the GPO.
You simply edit the ACL (Security) for the GPO and Deny Apply Policy for
this group with the members.

How ever the members must still exist in the OU but will not receive this
policy, I think that was your goal here? More information are found below.

Filter the scope of Group Policy according to security group membership
http://www.microsoft.com/resources/...erv/2003/enterprise/proddocs/en-us/Filter.asp

 

[Laura E. Hunter \(MVP\)]

Any AD object (user, computer, etc.) can only exist in a single container at
a time, so you can only place a user into a single OU at a time.

Since you're looking at a login script, you can use command-line tools like
ifmember.exe (Resource Kit) or memberof.exe (www.joeware.net, in the Win32
C# downloads section) That way you can do things like:

(Pseudocode only, this will not work syntactically):

If (memberof Accounting=true) {
copy "accountingapp.lnk" c:\documents and settings\%username%\desktop
}

 

[Guest]

Ok, thanks all. I gonna try both you're solutions.
Agian thanks!