AD, Group Policies and Moving Users to a new OU
-
We have all of our Active Directory users under the default 'Users' OU - all in one container.
I'd like to split this up into different branches, ie. Back Office, Marketing, Managers etc etcHowever if I create new OU's and move users, will that break our group policies if applied to the original OU's?
Is there a way I can export all Group Policies so I can view what policies are in place (assuming i'll need to re-create them)?Thanks
Jason -
Are the users moving to a new forest? If they are just moving to a new OU you could either make them sub OUs of the Users OU. Or you could link the existing policies to the new OUs that you create.
No need to export or recreate OUs.
-
@joel Are users not already in their respective group? Even the test users in my home lab LDAP exist in a default users OU, and are then members of different group OUs for their specific purposes.
-
@coliver said in AD, Group Policies and Moving Users to a new OU:
Are the users moving to a new forest? If they are just moving to a new OU you could either make them sub OUs of the Users OU. Or you could link the existing policies to the new OUs that you create.
No need to export or recreate OUs.
You actually cant make sub OU in Users or Computers because the default Users container isnt an OU. Same with Computers default container. If you right click on these>New> you will see OU isnt available.
I always thought this was something to be fixed but it is apparently by design. -
@joel said in AD, Group Policies and Moving Users to a new OU:
However if I create new OU's and move users, will that break our group policies if applied to the original OU's?
It depends on where your Group Policies are linked. If all your group policies are linked at the domain, and you create your OUs under that, there won't be any change.
However, if your Group Policies are linked under the Users and Computers OU, and you create your new OUs outside of that, then you will need to move your Group Policy links so they are above and trickle down to your new OUs.
-
@momurda said in AD, Group Policies and Moving Users to a new OU:
@coliver said in AD, Group Policies and Moving Users to a new OU:
Are the users moving to a new forest? If they are just moving to a new OU you could either make them sub OUs of the Users OU. Or you could link the existing policies to the new OUs that you create.
No need to export or recreate OUs.
You actually cant make sub OU in Users or Computers because the default Users container isnt an OU. Same with Computers default container. If you right click on these>New> you will see OU isnt available.
I always thought this was something to be fixed but it is apparently by design.That's true thanks for correcting me.
-
Post can be closed. I found our GPO's are not tied to the OU's so was fine to simply re-create new OUs. Cheers.
