Exclude OU from Managed Domain

Hello -

I've inherited an Active Roles installation on an AD domain so I'm still learning some of the ins and outs of it.

I have a need to create an OU structure, within our existing managed domain, that is not managed by Active Roles.  So, effectively, create an OU as if Active Roles doesn't exist in our environment.

Is that even possible?

If not, I guess the next best option would be to fully exclude it from every aspect of AR - no managed unit, no policies, etc. I assume that's something that could achieved, correct? Is there an easy one stop spot to do that or is that a piece by piece exclusion?

Thanks for any insights you can provide.

Robin

Parents
  • Yes, you can exclude an OU from Active Roles management. While you can't make it completely invisible to AR, you can remove it from managed units, exclude it from policies, and restrict access using permissions. It’s a piece-by-piece approach, but setting explicit deny permissions for AR service accounts can help achieve your goal.

Reply
  • Yes, you can exclude an OU from Active Roles management. While you can't make it completely invisible to AR, you can remove it from managed units, exclude it from policies, and restrict access using permissions. It’s a piece-by-piece approach, but setting explicit deny permissions for AR service accounts can help achieve your goal.

Children
No Data