Cloudpanel and shared AD
Hi,
I have a question that may not have to do with CloudPanel, but I hope someone has an answer to it. I currently use CloudPanel to share customers' Exchange/Mailboxes on our hosted environment.
I now need to make their PCs/laptops members of the environment. How can I separate these in the best way with security in mind? I don’t want a user to be able to run AD commands from their PC and retrieve AD information about other customers.
Does anyone have tips, or is this something that will be a feature in CloudPanel in the future?
Thanks for any inputs!
Hey there. By default, domain users have read access to Active Directory. In order to resolve that you need to enable List Object Mode in Active Directory and remove Authenticated Users' rights from the OUs and objects so they can’t see them if they were to browse your AD.
Also when you say “hosted Exchange” do you mean /hosting or just Exchange SP2+ or later with Address Book Policies?
Also, you need to be careful with removing Authenticated Users' rights from things because it can prevent Group Policy from being able to process objects within those OUs.
OK, thanks for the reply. What I have today is a simple environment for our smaller customers and a separate domain with an Exchange 2013 with the latest SP and CloudPanel. The idea is to expand this now, and then I must be able to make customers' PCs members of the domain.
Is there anything special to keep in mind if I change the AD permissions, considering CloudPanel?
CloudPanel actually does the permission changes for you. Wasn’t aware you had CloudPanel installed. If you look at a company OU, it should have Authenticated Users unchecked for READ and the AllUsers@ group added to have READ.
Hi Jacob,
How should I manage servers and computers with the OUs? I created a new OU “Servers” inside the customer OU (beside Applications, Exchange and Users) and added the customer remote desktop server. But when I log on to the server I can’t update the policies. I get the following error when running gpupdate:
The processing of Group Policy failed. Windows could not locate the directory object OU=JOE, OU=DEN, OU=Hosting, DC=mydomain, DC=se. Group policy settings will not be enforced until this event is resolved.
It must have to do with the permissions. It’s OK when I move the server outside the Hosting OU.
Any idea how to deal with this? I do not want to mess up the permissions for CloudPanel.
Thanks
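Added example (not part of the thread and not CloudPanel's own code): a read-only PowerShell check of the two settings discussed above, whether List Object Mode is enabled and what Authenticated Users is granted on each container from a given object up to the domain root. It assumes the ActiveDirectory RSAT module and an account allowed to read the ACLs; `$TargetDN` is a placeholder value.

```powershell
# Added example: read-only audit; it changes nothing in the directory.
Import-Module ActiveDirectory

# Placeholder DN (assumption): set this to the OU or computer object to trace.
$TargetDN = 'OU=Servers,OU=ExampleCustomer,OU=Hosting,DC=example,DC=local'

# 1. List Object Mode is enabled when the third character of dSHeuristics is '1'.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dirSvc   = Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" -Properties dSHeuristics
$heur     = [string]$dirSvc.dSHeuristics
$listMode = ($heur.Length -ge 3 -and $heur[2] -eq '1')
"List Object Mode enabled: $listMode (dSHeuristics = '$heur')"

# 2. Walk from the target up to the domain root and report what Authenticated
#    Users (well-known SID S-1-5-11) is granted or denied on each container.
$R        = [System.DirectoryServices.ActiveDirectoryRights]
$readBits = $R::ReadProperty -bor $R::ListChildren -bor $R::ListObject
$sidType  = [System.Security.Principal.SecurityIdentifier]
$domainDN = (Get-ADDomain).DistinguishedName

$dn = $TargetDN
$report = while ($dn -and $dn -ne $domainDN) {
    $acl  = Get-Acl -Path "AD:\$dn"
    # Ask for the rules with SIDs so the match does not depend on the OS language.
    $aces = @($acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq 'S-1-5-11' -and
                       ($_.ActiveDirectoryRights -band $readBits) })
    if ($aces.Count -eq 0) {
        [pscustomobject]@{ DN = $dn; Type = 'none'; Rights = '(no read/list ACE)'; Inherited = $null }
    }
    foreach ($ace in $aces) {
        [pscustomobject]@{ DN = $dn; Type = $ace.AccessControlType
                           Rights = $ace.ActiveDirectoryRights; Inherited = $ace.IsInherited }
    }
    # Move to the parent: split on the first unescaped comma of the DN.
    $dn = ($dn -split '(?<!\\),', 2)[1]
}
$report | Format-Table -AutoSize -Wrap
```

Computer accounts are also members of Authenticated Users, so a container in the chain that shows no read/list ACE is a place to check whether the machine has another group granting it read access.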