Alex-
Leader

Identity Awareness and OU

I admit that I am not an AD expert, and I got this question following an implementation. Version is R80.20.

So basically, the user wants to be able to use OU as objects in the policy. The closest I could get to their request is to match machines based on a search on the OU, which returns an AD group. However, the user would really like to use the OU directly, but I'm not certain about the implementation that's requested, since in my opinion if you create an access role and search for machines based on OU, this boils down to the same thing.

TL;DR: is it possible to create just OU objects in a policy to identify machines?

Kaspars_Zibarts
Employee

As far as I know you can only implement CNs (common names, i.e. groups, user names or machines) but not OUs.

Royi Priov can hopefully provide a 100% answer.

Royi_Priov
Employee

Kaspars Zibarts, thanks for tagging me!

Hi Alex,

Yes, it's possible.

First, you need to create an LDAP group which represents the OU DN.

Second, you should place this LDAP group in an access role.

Good luck!

Royi Priov

Team Leader, Identity Awareness R&D

Thanks,
Royi Priov
R&D Group manager, Infinity Identity
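
As an added illustration of what an LDAP group tied to an OU DN selects (this is not code from the thread or from Check Point), the following Python example lists which machine DNs fall under a given OU. It assumes subtree matching that includes nested OUs; the DNs and function names are constructed for the example.

```python
# Added example: which machine DNs fall under an OU DN (subtree scope is an assumption).
# All DNs below are constructed sample data, not taken from the thread.

def split_rdns(dn):
    """Split a DN into RDN strings, honouring backslash-escaped commas."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current))
    return rdns

def normalize(dn):
    """Case-fold and trim each RDN, since AD compares DNs case-insensitively."""
    out = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        out.append((attr.strip().lower(), value.strip().lower()))
    return out

def is_under_ou(object_dn, ou_dn):
    """True if object_dn sits strictly below ou_dn (nested OUs included)."""
    obj, ou = normalize(object_dn), normalize(ou_dn)
    return len(obj) > len(ou) and obj[-len(ou):] == ou

def machines_in_ou(machine_dns, ou_dn):
    return [dn for dn in machine_dns if is_under_ou(dn, ou_dn)]

OU_DN = "OU=Workstations,DC=example,DC=local"
MACHINES = [
    "CN=PC-001,OU=Workstations,DC=example,DC=local",
    "CN=PC-002,ou=Finance,ou=workstations,dc=example,dc=local",
    "CN=SRV-01,OU=Servers,DC=example,DC=local",
    "CN=Lab\\, PC-9,OU=Workstations,DC=example,DC=local",
    "CN=PC-003,OU=Old Workstations,DC=example,DC=local",
]

if __name__ == "__main__":
    for dn in machines_in_ou(MACHINES, OU_DN):
        print(dn)
```

Comparing the result against the machines the access role is expected to cover is a quick way to catch hosts that sit in a sibling or similarly named OU.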
Alex-
Leader

Thanks Royi Priov for the answer and Kaspars Zibarts for bringing the expert in!
