Recipe 5.10 Allowing OUs to Be Created Within Containers

5.10.1 Problem

You want to create an OU within a container. By default, you cannot create OUs within container objects due to restrictions in the Active Directory schema.

5.10.2 Solution

Using a graphical user interface

  1. Open the Active Directory Schema snap-in as a user that is a member of the Schema Admins group. See Recipe 10.1 for more on using the Schema snap-in.

  2. Expand the Classes folder, right-click on the organizationalUnit class, and select Properties.

  3. Select the Relationship tab and, next to Possible Superior, click Add Superior (Windows Server 2003) or Add (Windows 2000).

  4. Select container and click OK.

  5. Click OK.

Using a command-line interface

Create an LDIF file called ou_in_container.ldf with the following contents:

dn: cn=organizational-unit,cn=schema,cn=configuration,<ForestRootDN>
changetype: modify
add: possSuperiors
possSuperiors: container
-

then run the ldifde command to import the change:

> ldifde -i -f ou_in_container.ldf

Using VBScript

' This code modifies the schema so that OUs can be created within containers
Const ADS_PROPERTY_APPEND = 3
set objRootDSE = GetObject("LDAP://RootDSE")
set objOUClass = GetObject("LDAP://cn=organizational-unit," & _
                           objRootDSE.Get("schemaNamingContext") )
objOUClass.PutEx ADS_PROPERTY_APPEND, "possSuperiors", Array("container")
objOUClass.SetInfo

5.10.3 Discussion

Allowing OUs to be created within containers requires a simple modification to the schema. You have to make the container class one of the possible superiors (possSuperiors attribute) for the organizationalUnit class.
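A read-only check of the change, as an added example that is not from the book: it lists the possible superiors of the organizationalUnit class and reports whether container is among them. The function name and the optional $Server parameter are illustrative assumptions.

```powershell
# Added example (not from the book): read-only audit of the organizationalUnit
# class's possible superiors. It changes nothing in the directory.
function Test-OUAllowedInContainer {
    param([string]$Server)   # optional domain controller name (illustrative)

    # Bind to a specific DC when one is given, otherwise let ADSI locate one.
    $prefix   = if ($Server) { "LDAP://$Server/" } else { "LDAP://" }
    $rootDse  = [ADSI]($prefix + "RootDSE")
    $schemaNC = [string]$rootDse.schemaNamingContext
    $ouClass  = [ADSI]($prefix + "cn=organizational-unit," + $schemaNC)

    # possSuperiors is the modifiable list this recipe appends to;
    # systemPossSuperiors is the system-owned list on the same class.
    $added  = @($ouClass.psbase.Properties["possSuperiors"] |
                ForEach-Object { "$_" })
    $system = @($ouClass.psbase.Properties["systemPossSuperiors"] |
                ForEach-Object { "$_" })

    New-Object PSObject -Property @{
        SchemaNC            = $schemaNC
        PossSuperiors       = $added
        SystemPossSuperiors = $system
        # -contains is case-insensitive, so "Container" also matches.
        ContainerAllowed    = (($added + $system) -contains "container")
    }
}

Test-OUAllowedInContainer | Format-List
```

Running it before and after the import shows ContainerAllowed change from False to True; passing a DC name in $Server checks the schema copy held by that server.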

5.10.4 See Also

Recipe 10.1 for using the Schema snap-in and MS KB 224377 (Configuring Different Containers to Hold Organizational Units)

Active Directory Cookbook
Active Directory Cookbook, 3rd Edition
ISBN: 0596521103
EAN: 2147483647
Year: 2006
Pages: 456
