Can a machine be placed in multiple OUs

[John]

I am try to setup a system and put it into 2 differnet OUs becuase two
uses of the system need access to differnet file shares. After appling
the GPO I am getting errors trying to add the system to a differnet OU
.. Is this possible?

 

[Cary Shultz [A.D. MVP]]

No. An object can only reside in one 'container' at a time. So, if it is
in the 'Workstations' Organizational Unit it can not be a member of any
other container at that time. It can be move to another container. But it
can reside in only one container at a time. Think about this for a second.
Each object has a Distinguished Name ( the DN: ).

I am not sure what difference it makes as to what machine the users are
logging on - and where that computer object resides - and what mapped
network drives they get. The mapped network drives are usually handled by
the logon script. And that is something that is handled on the user side of
things ( logon, logoff ) and not necessarily on the computer side of things
( startup, shutdown ).

You might want to look into assigning mapped network drives based on group
membership ( for example, the members of the Marketing group get
\\servername\marketing mapped to the N:\ drive while the members of the
Finance group get \\servername\finance mapped to the N:\ drive ). Please
take a look - as one example - at http://www.rlmueller.net. He has several
examples of how to accomplish this.

Does this answer your question?

HTH,

Cary

 

[Ken B]

No. A computer, or any object for that matter, can be a member of only one
OU at any given time.

You can apply more than one group policy to an OU, however.

If I read your original post correctly, you need 2 different users to access
different shares on a server? If that's the case, you could use user login
scripts on their user account properties, and just put 2 different login
scripts in the \\domain\netlogon share.

Hope this helps!... and welcome to Windows!

Ken

 

[Herb Martin]

I am try to setup a system and put it into 2 differnet OUs becuase two
uses of the system need access to differnet file shares. After appling
the GPO I am getting errors trying to add the system to a differnet OU
. Is this possible?

No (as others have told you) but if you problem is user share
access then the OU of the MACHINE isn't very important.

User shares are controlled by (any of) the User's Profile, the
User's GPO(s), or the User's Logon script(s).

Since two different users can be in different OUs or you can
use a variety of other methods to distinguish them (both
simply with %username% and through scripting and command
tools) you can easily give users different share connections
based on their identity.

Shares are in the BOTTOM half or user portion of the GPO.

Logon scripts in that same portion or drawn from the legacy
item in the user's account property sheet are specific to the
user (not the machine).

The user's profile is of course individual (in most cases) too.