Configuration - Not Allowed OUs

Overview

SMOD allows the administrator to specify groups of users that are not allowed to use SMOD.  In this way, some specific objectives can be accomplished:

• Facilitates phased implementation of SMOD
• Allows sensitive accounts to be excluded from SMOD abilities
• Allows a specific department or business unit to implement SMOD without impacting rest of organization

This facility is provided through the use of Active Directory organizational units.  SMOD allows the administrator to specify specific organizational units (OUs) that are NOT allowed to use SMOD.  The facility allows for nesting of OUs.  In other words, a parent excluded OU will exclude all child OUs from use of SMOD as well.

How to configure Not Allowed OUs

The below shows the screenshot of Not Allowed OUs:

This screen shows the presently configured Not Allowed OUs.  From this screen, following two actions can be performed:

Delete Not Allowed OU: This will delete the selected OU from the Not Allowed OUs list

Add Organizational Unit: Click on this link to add additional Not Allowed OUs

The following screen shows the Add Organizational Unit screen:

To add a Not Allowed OU, specify the OU in Distinguished Name notation in the text box provided and click on Add.

Some additional notes related to this:

• The Distinguished Name is not verified at the time of adding so please ensure the DN is accurate
• The distinguished name should not have any spaces
• Any OU from any of your domains can be added

Nesting of OUs

SMOD allows for a parent OU to be excluded which will exclude all child OUs as well.  For example, if the Not Allowed OU is:

OU=marketing,dc=mycompany,dc=com

If there are child OUs as follows:

OU=dallas,ou=marketing,dc=mycompany,dc=com

OU=houston,ou=marketing,dc=mycompany,dc=com

Any user in Dallas or Houston OUs would not be allowed to use SMOD.