OU/Container Question Rephrased

[Steve Gould]

Let me rephrase my earlier question. I have remote users that connect via
Dialup or VPN to gain access to Exchange server and network shares (in the
case of VPN users). I would like to implement different group policy based
on remote users versus local users. To do so I thought to create OU's
instead of sites as they make more sense in our case. We do have other
sites, but they are too small to warrant DC's/servers and run peer-to-peer
networking. No need to set up AD sites for them.

So if I create OU's to help apply different group policy I also want to have
separate User and Computer containers inside each OU. This will help make
the views more human readable. The only way I see to do this is to make
sub-OU's called User and Computer within my Local OU and Remote OU. This
seems strange to me. I would think I could nest non-OU type containers
inside of an OU for this reason.

Am I making sense? Is this understandable? Is this possible?

 

[Guest]

Have you thought about just using security groups? This is an option we are
looking into. This way, we could either apply or deny policies based on this
group membership without having to create sub-OU's. We do seperate out the
computer from the user accounts, so we would actually have 2 groups, one for
remote users and one for remote workstations.

 

[Steve Gould]

Now there is a darn good suggestion that I never thought of.

It still seems to me that Microsoft should allow for container folders in
OU's so us admins can segregate users from computers for easier
administration, though.