Hello ijack and thank you for your support!
In Active Directory I have 3 Organizational Units and inside each organizational unit I have some groups.
-Group 1 - user1, user2, user3.
-Group 2 - user a, user b, user c.
-Group 3 - user 4, user5, user6.
-Group a - user A, user B, user C.
-Group b - user D, user E, user F.
-Group c - user G, user H, user I.
-Group I - user I, user II, user III.
-Group II - user IV, user V, user VI.
-Group III - user VII, user VIII, user IX.
The usernames are defined in USERS. For every user defined I have defined its computer name in COMPUTERS.
What I am trying to do is:
Users from OU1, GROUP1 (which will be, let's say, DIRECTOR) should not have anything to do with users from OU1, GROUP2 (JANITOR, for example) and nobody else, of course, unless it's specified. User1 from GROUP1 should only see as network computers USER2 and USER3.
How do I achieve this without VLANs or separating the network, only from Active Directory? Is it possible?