| Author | Messages | |
partlake
Posts:43
 | | 08/10/2011 4:24 PM |
| If you create an OU in ADUC it is automatically protected from accidental deletion, but not so if you create an OU with GPMC. Is there a way to change this default behaviour? (sorry if this is off-topic for this group!)
| | | |
| dmarelia
Posts:441
| | 08/10/2011 7:23 PM |
| Nick-
I don't know of a way to force this in GPMC. Keep in mind, however, that all that little tick box is doing in ADUC is adding a Deny Delete ACE for Everyone to the OU. So, you could easily go back to OUs created in GPMC and add that manually or via script. In general, I don't usually delegate OU creation to very many people, so if its limited to a few well-known AD admins, you may be able to avoid this problem altogether.
Darren
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of nick portlock
Sent: Wednesday, August 10, 2011 4:48 AM
To: gpoguy newslist darren mar elia
Subject: [gptalk] prevent OU deletion with GPMC create
If you create an OU in ADUC it is automatically protected from accidental deletion, but not so if you create an OU with GPMC. Is there a way to change this default behaviour? (sorry if this is off-topic for this group!)
| | | |
| partlake
Posts:43
| | 08/10/2011 8:00 PM |
| Maybe a better option would be to disable the creation of OUs from within the GPMC??! – (Although I don’t know how you’d do that either!)
From: Darren Mar-Elia
Sent: Wednesday, August 10, 2011 9:47 AM
To: gptalk@lists.gpoguy.com
Subject: RE: [gptalk] prevent OU deletion with GPMC create
Nick-
I don’t know of a way to force this in GPMC. Keep in mind, however, that all that little tick box is doing in ADUC is adding a Deny Delete ACE for Everyone to the OU. So, you could easily go back to OUs created in GPMC and add that manually or via script. In general, I don’t usually delegate OU creation to very many people, so if its limited to a few well-known AD admins, you may be able to avoid this problem altogether.
Darren
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of nick portlock
Sent: Wednesday, August 10, 2011 4:48 AM
To: gpoguy newslist darren mar elia
Subject: [gptalk] prevent OU deletion with GPMC create
If you create an OU in ADUC it is automatically protected from accidental deletion, but not so if you create an OU with GPMC. Is there a way to change this default behaviour? (sorry if this is off-topic for this group!)
| | | |
| dmarelia
Posts:441
| | 08/10/2011 8:07 PM |
| Can’t do it Nick. You can delegate away the right to create OUs natively in AD, for those users who manage GP, but not within GPMC. It’s possible that you could hack GPMC’s snap-in registrations to remove the Create OU menu item, but I haven’t looked deep enough to know if it was possible.
Darren
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of nick portlock
Sent: Wednesday, August 10, 2011 8:26 AM
To: gptalk@lists.gpoguy.com
Subject: Re: [gptalk] prevent OU deletion with GPMC create
Maybe a better option would be to disable the creation of OUs from within the GPMC??! – (Although I don’t know how you’d do that either!)
From: Darren Mar-Elia<mailto:darren@sdmsoftware.com>
Sent: Wednesday, August 10, 2011 9:47 AM
To: gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>
Subject: RE: [gptalk] prevent OU deletion with GPMC create
Nick-
I don’t know of a way to force this in GPMC. Keep in mind, however, that all that little tick box is doing in ADUC is adding a Deny Delete ACE for Everyone to the OU. So, you could easily go back to OUs created in GPMC and add that manually or via script. In general, I don’t usually delegate OU creation to very many people, so if its limited to a few well-known AD admins, you may be able to avoid this problem altogether.
Darren
From: gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com]<mailto:[mailto:gptalk-owner@lists.gpoguy.com]> On Behalf Of nick portlock
Sent: Wednesday, August 10, 2011 4:48 AM
To: gpoguy newslist darren mar elia
Subject: [gptalk] prevent OU deletion with GPMC create
If you create an OU in ADUC it is automatically protected from accidental deletion, but not so if you create an OU with GPMC. Is there a way to change this default behaviour? (sorry if this is off-topic for this group!)
| | | |
|
|