I know you cannot use an Active Directory OU as a security principal (something I miss from Novell). I was wondering if anyone has a good way of automatically/dynamically making all users in a certain OU members of a certain group.
Here's why (and if you have a better way, please let me know):
We already have groups on the domain for workstation administrators and power users. We add these domain groups to the local administrators and power users groups on all the workstations (this is scripted and launched through group policy). I want to be able to say "everyone in this OU has administrator privs and everyone in this OU has power user privs to the workstations" without having to manually add everyone to the groups.
The other thing is that this would have to automatically clean out users that are no longer in the source OUs. I wouldn't want to have a user that was moved to a different OU retain privs that they shouldn't any longer have.
Thanks for any input.
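One way to implement the reconciliation asked for above, including removal of users who have left the OU, is sketched below as an added example that is not part of the original post. It assumes the ActiveDirectory PowerShell module is available; the OU distinguished name and group name are placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example: reconcile a group's membership with the user objects in one OU.
# The OU and group names below are placeholders (assumptions), not from the post.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$SourceOU  = 'OU=Workstation Admins,DC=example,DC=com',  # placeholder DN
    [string]$GroupName = 'WorkstationAdministrators'                 # placeholder group
)
$ErrorActionPreference = 'Stop'   # a failed directory query must abort, not continue

# Desired state: every user object in the OU (including child OUs).
$desired = @(Get-ADUser -Filter * -SearchBase $SourceOU -SearchScope Subtree |
    Select-Object -ExpandProperty DistinguishedName)

# Current state: direct user members only, so nested groups are left untouched.
$current = @(Get-ADGroupMember -Identity $GroupName |
    Where-Object objectClass -eq 'user' |
    Select-Object -ExpandProperty distinguishedName)

# Safety stop: an empty result usually means a wrong DN or an emptied OU,
# and acting on it would strip every member from the group.
if ($desired.Count -eq 0) {
    throw "No users found under $SourceOU; refusing to empty $GroupName."
}

# -notin compares case-insensitively, which matches how DNs are treated in AD.
$toAdd    = @($desired | Where-Object { $_ -notin $current })
$toRemove = @($current | Where-Object { $_ -notin $desired })

foreach ($dn in $toAdd) {
    if ($PSCmdlet.ShouldProcess($dn, "Add to $GroupName")) {
        Add-ADGroupMember -Identity $GroupName -Members $dn
    }
}
foreach ($dn in $toRemove) {
    # This is the cleanup step: a user moved out of the OU loses the privilege.
    if ($PSCmdlet.ShouldProcess($dn, "Remove from $GroupName")) {
        Remove-ADGroupMember -Identity $GroupName -Members $dn -Confirm:$false
    }
}

# Emit a record of the changes for logging or review.
[pscustomobject]@{ Group = $GroupName; Added = $toAdd; Removed = $toRemove }
```

Run it with `-WhatIf` first to review the planned changes, then on a schedule. Because any user member not in the OU is removed, the group should be dedicated to this purpose and not also maintained by hand.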