I have Isilon with OneFS 126.96.36.199 connected with Active Directory.
Isilon have in Active directory a computer object.
The computer object see all users in Active Directory.
I need that Isilon see only users in some OU.
How I can do it?
you could deny the Access for the computer-account on the OUs the isilon shall not be able to view. As far as i remember it isn't recommended to use the deny rules when possible, since it makes the whole Thing hard to maintain.
But this is more an permission thing in AD than an isilon topic.
For example: I have parent OU Isilon and child OU 123
When I deny List Contents permission on OU Isilon, any users can't see OU 123.
Why do OneFs see users in OU 123?
because OneFS is using a computer-account to authenticate and not a user-account.
so you would have to deny the Access not for users but for the computer-account of the isilon.
if you have this requirement for the isilon only, only deny Access for the isilon - you may have weird side-effects if you deny it for all users or all Computers.
too bad i don't have an environment to try it on my own....
can you just deny everything for the Isilon on this OU? so we can be sure, that we have the deny on the correct setting?