Exclude OU from Managed Domain

Question

Hello - 
 I've inherited an Active Roles installation on an AD domain so I'm still learning some of the ins and outs of it. 
 I have a need to create an OU structure, within our existing managed domain, that is not managed by Active Roles. So, effectively, create an OU as if Active Roles doesn't exist in our environment. 
 Is that even possible? 
 If not, I guess the next best option would be to fully exclude it from every aspect of AR - no managed unit, no policies, etc. I assume that's something that could achieved, correct? Is there an easy one stop spot to do that or is that a piece by piece exclusion? 
 
 Thanks for any insights you can provide. 
 
 Robin

Daniel.Bishop · Accepted Answer

Hi Robin, 
 We have a built-in Policy ("Built-in Policy - Exclude from Managed Scope") that may be what you're looking for. 
 By linking this policy to any object (User, Group, OU, domain, etc.) it will in effect make that object Read-Only to Active Roles. It can be seen within Active Roles, but will be excluded from all operations. 
 Details can be found here for how to implement it: 
 Managed scope to control product usage 
 This will work for any 8.x versions of Active Roles. 
 Thanks, 
 Daniel

Exclude OU from Managed Domain

Top Replies