Unsolved
This post is more than 5 years old
11 Posts
0
1855
Hide Active Directory users
Hello!
I have Isilon with OneFS 7.0.2.8 connected with Active Directory.
Isilon have in Active directory a computer object.
The computer object see all users in Active Directory.
I need that Isilon see only users in some OU.
How I can do it?
alex087
11 Posts
0
April 15th, 2016 00:00
Ok.
Thanks.
sluetze
300 Posts
0
April 15th, 2016 00:00
you could deny the Access for the computer-account on the OUs the isilon shall not be able to view. As far as i remember it isn't recommended to use the deny rules when possible, since it makes the whole Thing hard to maintain.
But this is more an permission thing in AD than an isilon topic.
Rgds
-- sluetze
alex087
11 Posts
0
April 18th, 2016 23:00
For example: I have parent OU Isilon and child OU 123
When I deny List Contents permission on OU Isilon, any users can't see OU 123.
Why do OneFs see users in OU 123?
sluetze
300 Posts
0
April 19th, 2016 00:00
because OneFS is using a computer-account to authenticate and not a user-account.
so you would have to deny the Access not for users but for the computer-account of the isilon.
if you have this requirement for the isilon only, only deny Access for the isilon - you may have weird side-effects if you deny it for all users or all Computers.
Rgds
-- sluetze
alex087
11 Posts
0
April 19th, 2016 01:00
When I denied access the computer account Isilon the problem persists:
sluetze
300 Posts
0
April 19th, 2016 04:00
too bad i don't have an environment to try it on my own....
can you just deny everything for the Isilon on this OU? so we can be sure, that we have the deny on the correct setting?
alex087
11 Posts
0
April 19th, 2016 05:00
The problem persists
But if I deny access Isilon for 123 OU, work correct: