Alex_Gilis
Copper

Identity Awareness and OU

I admit that I am not an AD expert, and I got this question following an implementation. Version is R80.20.

So basically, the user wants to be able to use OUs as objects in the policy. The closest I could get to their request is to match machines based on a search on the OU, which returns an AD group. However, the user would really like to use OUs directly, but I'm not certain about the implementation that's requested, since in my opinion if you create an access role and search for machines based on OU, this boils down to the same thing.

TL;DR: is it possible to create just OU objects in a policy to identify machines?


Re: Identity Awareness and OU

As far as I know you can only implement CNs (common names, i.e. groups, user names or machines) but not OUs.

Royi Priov can hopefully provide a 100% answer.

Employee+

Re: Identity Awareness and OU

Kaspars Zibarts, thanks for tagging me!

Hi Alex,

Yes, it's possible.

First, you need to create an LDAP group which represents the OU DN.

Second, you should place this LDAP group in an access role.

Good luck!

Royi Priov

Team Leader, Identity Awareness R&D
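
An added sketch, not part of the thread and not Check Point code, of what matching machines by OU DN amounts to: an object qualifies when its distinguished name sits under the OU's DN, independent of any group membership. The DNs are constructed samples, and the `direct_only` switch and all function names are assumptions of this example.

```python
def split_rdns(dn):
    """Split a DN on unescaped commas (RFC 4514 backslash escapes)."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i:i + 2]          # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append(buf)
            buf = ""
        else:
            buf += dn[i]
        i += 1
    parts.append(buf)
    return [p.strip() for p in parts if p.strip()]

def normalize(dn):
    """Lower-case attribute types and case-fold values for comparison."""
    out = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        out.append((attr.strip().lower(), value.strip().casefold()))
    return out

def in_ou(object_dn, ou_dn, direct_only=False):
    """True if object_dn lies below ou_dn (optionally only one level below)."""
    obj, ou = normalize(object_dn), normalize(ou_dn)
    if not ou or len(obj) <= len(ou) or obj[-len(ou):] != ou:
        return False
    return len(obj) == len(ou) + 1 if direct_only else True

def members(ou_dn, dns, direct_only=False):
    return [dn for dn in dns if in_ou(dn, ou_dn, direct_only)]

# Constructed sample data (hypothetical directory).
OU = "OU=Workstations,OU=Brussels,DC=corp,DC=example"
MACHINES = [
    "CN=WS-001,OU=Workstations,OU=Brussels,DC=corp,DC=example",
    "cn=ws-002, ou=Kiosk, ou=workstations, ou=brussels, dc=corp, dc=example",
    r"CN=Lab\, PC 7,OU=Workstations,OU=Brussels,DC=corp,DC=example",
    "CN=WS-009,OU=Old Workstations,OU=Brussels,DC=corp,DC=example",
    "CN=WS-010,OU=Workstations,OU=Antwerp,DC=corp,DC=example",
]

if __name__ == "__main__":
    for dn in members(OU, MACHINES):
        print(dn)
```

Comparing parsed RDN sequences instead of raw strings keeps look-alike OUs such as `OU=Old Workstations` and same-named OUs in another branch out of the match, and keeps an escaped comma in a CN from being counted as an extra level.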

Alex_Gilis
Copper

Re: Identity Awareness and OU

Thanks Royi Priov for the answer and Kaspars Zibarts for bringing the expert in!