Creating OUs to Hide Objects

Use the Active Directory Users And Computers console and the Security tab in the Properties dialog box for the OU to create OUs for the purpose of hiding objects. Only users who can modify the ACL on an OU are able to hide objects using this procedure.
To create an OU to hide objects, complete the following steps:
1. Create the OU where you will hide objects, as described in “Creating OUs.”
2. Right-click the OU and select Properties.
3. In the Properties dialog box for the OU, click the Security tab.
Note: To view the Security tab in the Properties dialog box for an OU, you must select Advanced Features from the View menu on the Active Directory Users And Computers console.
4. In the Properties dialog box Security tab, shown in Figure 6-6, remove all existing permissions from the OU. Click Advanced.
5. In the Advanced Security Settings dialog box for the OU, clear the Allow Inheritable Permissions From The Parent To Propagate To This Object And All Child Objects check box.
6. In the Security message box, click Remove. Click OK.
7. In the Properties dialog box Security tab, identify the groups that you want to have full control on the OU. Grant those groups full control.
8. Identify the groups that should have generic read access on the OU and its contents. Grant those groups read access.
9. Identify any other groups that might need specific access, such as the right to create or delete a particular class of objects, on the OU. Grant those groups the specific access. Click OK.
10. Move the objects you want to hide into the OU.
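
The ACL changes in steps 4 through 8 can also be scripted and then verified. The following PowerShell is an added example, not part of the original text; it assumes the ActiveDirectory module is installed, and the OU distinguished name and group names are placeholders. It builds the new ACL in memory and writes it once, so the OU is never left without an administrative entry.

```powershell
# Added example. The OU DN and group names are hypothetical placeholders.
Import-Module ActiveDirectory

$ouDn        = 'OU=Hidden,DC=example,DC=com'   # placeholder OU (step 1)
$fullControl = 'EXAMPLE\OU-Admins'             # placeholder group (step 7)
$readOnly    = 'EXAMPLE\OU-Readers'            # placeholder group (step 8)

function New-OuAce {
    # Builds an Allow ACE that applies to the OU and all child objects.
    param(
        [string]$Account,
        [System.DirectoryServices.ActiveDirectoryRights]$Rights
    )
    $sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
        [System.Security.Principal.SecurityIdentifier])
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid, $Rights,
        [System.Security.AccessControl.AccessControlType]::Allow,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
}

$path = "AD:\$ouDn"
$acl  = Get-Acl -Path $path

# Steps 5-6: block inheritance from the parent and discard inherited ACEs.
$acl.SetAccessRuleProtection($true, $false)

# Step 4: remove every remaining explicit ACE.
foreach ($ace in @($acl.Access)) { $acl.RemoveAccessRuleSpecific($ace) }

# Steps 7-8: full control for one group, generic read for another.
$acl.AddAccessRule((New-OuAce -Account $fullControl -Rights GenericAll))
$acl.AddAccessRule((New-OuAce -Account $readOnly    -Rights GenericRead))

# Single write: the old ACL is replaced by the complete new one.
Set-Acl -Path $path -AclObject $acl

# Verify: inheritance must be blocked and only the intended ACEs present.
$check = Get-Acl -Path $path
"Inheritance blocked: $($check.AreAccessRulesProtected)"
$check.Access |
    Select-Object IdentityReference, ActiveDirectoryRights, IsInherited |
    Format-Table -AutoSize
```

Running only the verification lines against existing OUs shows which ones have inheritance blocked and who still holds access to them.
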
A site is a set of IP subnets connected by a highly reliable and fast link (usually a LAN). Site structure mirrors the location of user communities. Sites have two main roles: to facilitate authentication and the replication of data between sites. Active Directory replicates information in two ways: intrasite (within a site) and intersite (between sites).
For optimum network response time and application availability, place at least one domain controller in each site or two domain controllers in each domain.
Intersite replication is replication that occurs between sites.
A site link is a logical, transitive connection between two or more sites that mirrors the network links and allows replication to occur.
Bridgehead servers are the contact point for exchange of directory information between sites. When two sites are connected by a site link, the KCC automatically selects bridgehead servers. You can also designate bridgehead servers manually; these are called “preferred” bridgehead servers.
