Hello,
I have an application that does a sync with AD to import the OU structure. It uses the server's machine account (computername$) to do the sync. I need to prevent it from syncing certain OUs which are not needed in the application. The application does not have any methods for exclusions in the sync. I have tested doing exclusions by denying read access to the computername$ account within a given OU's security settings in ADUC. That appears to work. One of the OUs I need to prevent from being sync'd is the System OU at the root of the domain. If I deny read access to the computername$ account of the server to the domain System OU, what impacts would that have to the server? Would it not be able to read/apply group policies? Any other impacts?
Thanks,
Joe