AD-OU feature in DomainService piece of TechIdManger

New for DomainService version 1.90 is the AD-OU feature. This feature allows the managed privileged technician accounts to be created (or moved) to an OU (Organizational Unit) within the AD structure on your clients’ domains. If you bill based on the number of users, or want to segment the end users’ accounts from your tech accounts, this can help.

The OUs are defined on a per domain basis, and show in the ManagementConsole. This means that each DomainService can have a different OU, or you can use the same named OU across domains. To set the OU for a domains run the following command (after installing at least DomainService version 1.90) on each domain controller where DomainSerivce is installed:

DomainService.exe OU {OUName}

Obviously, replace {OUName} with the name you want to use for the OU, and if the OUName has spaces in it use quotes (” “) around the OUName. The syntax is X.Y.Z where X is the top level folder, Y is the next folder down, etc… You should not use the CN=… syntax. The change to OU will take effect at the next run. This can do done with the RuffianDomainService running, or stopped (just make sure to start the DomainService if you ever stop it). If the OU does not exist, it will be created. Any new tech accounts will be created in the OU and the existing tech accounts will be moved to the OU.

Note: If you don’t set the OU option then the tech accounts will not be moved and new accounts will be created in “Users”.

Note: If you set the OU to “Users” then the tech accounts will be moved to the default Users OU (I know “Users” is not technically an OU, it is a CN, but it is commonly referred to as an OU….)

Note: You can also use “reset” to return to default value.