I am relatively new to Active Directory and have trouble understanding the following scenario:
- I have a set of users in the department of human resources
- I have a set of users in the marketing department
- Some users are both human resources and marketing.
- I create a shared folder that only the marketing department can use
- I am setting up a shared printer for the exclusive use of the HR department.
Initially, I thought I would do the following:
- Add HR users to the HR organizational unit
- Add marketing users to the marketing organization unit
- Add users to both organizational units
- Apply a group policy to the HR organizational unit so that only users can print to this printer
- Apply a Group Policy to the Marketing Organization Unit so that only users access the folder.
However, I am stuck at step 3 above because it seems like I can not add users to more than one organizational unit. I've considered using a local domain group instead of an organizational unit, but I think I can not apply a GPO to a group.
I know that there is a way to do that. Where do I lack understanding and what is the right approach to deal with this situation?