+ Post New Thread
Results 1 to 11 of 11
Windows Server 2008 R2 Thread, Daft GPO Question in Technical; Hi folks, Am I right in thinking that OUs within group policies are completely separate from OUs within AD? If ...
  1. #1
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    921
    Thank Post
    837
    Thanked 20 Times in 18 Posts
    Rep Power
    11

    Question Daft GPO Question

    Hi folks,

    Am I right in thinking that OUs within group policies are completely separate from OUs within AD?

    If so, why create OUs within the GP editor?

    And how do OUs within the GP editor affect the priority in which GPOs are applied?

    Sorry, I'm confused!

    TIA

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,234
    Thank Post
    894
    Thanked 1,780 Times in 1,534 Posts
    Blog Entries
    12
    Rep Power
    462
    1. They are the same
    2. N/A
    3. The lower down the OU the higher priority will the setting be. If you set enabled on a setting in an ou but on the same setting on a sub ou you selected disabled it will apply the sub ou settings.

  3. Thanks to FN-GM from:

    Gongalong (16th June 2012)

  4. #3
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    921
    Thank Post
    837
    Thanked 20 Times in 18 Posts
    Rep Power
    11
    Am I going mad though, because there are no OUs in the GPM by default. Certainly none that mirror those in the AD.

  5. #4

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,609
    Thank Post
    729
    Thanked 1,688 Times in 1,502 Posts
    Rep Power
    433
    If you create an OU in ADUC then it will be available to apply GPO to in GPMC.

    You may be confusing an OU with a regular container.

    What is the difference between a Container and an OU in Active Directory? - Yahoo! Answers

    Ben

  6. Thanks to plexer from:

    Gongalong (16th June 2012)

  7. #5
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    921
    Thank Post
    837
    Thanked 20 Times in 18 Posts
    Rep Power
    11
    Ahhh, I inherited this system (already mostly setup), and my server knowledge is a bit rusty. I had assumed that if a container was created within AD it was essentially an OU by default.

    Presumably everything within AD is a container then, because nothing is replicated in GPM.

  8. #6
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    921
    Thank Post
    837
    Thanked 20 Times in 18 Posts
    Rep Power
    11
    Is this the only reason to create an OU, instead of a container? i.e. for use with GPM.

  9. #7
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    921
    Thank Post
    837
    Thanked 20 Times in 18 Posts
    Rep Power
    11
    Presumably a container is described as a "shared folder" in AD?

    Would there be any dangers of taking users/computers from shared folders and putting them into OUs to then organise GPM "properly"?

    Is using OUs and GPMs the recommended way to go with respect to applying policies to groups of users? (I've been using security groups)
    Last edited by Gongalong; 18th June 2012 at 09:51 AM.

  10. #8
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    A folder in active directory in users and computers is called a OU.

    Group policies are placed in ou's to apply settings to the objects in the ou. This might be computer or users.

    Richard

  11. 2 Thanks to ricki:

    andyturpie (18th June 2012), Gongalong (18th June 2012)

  12. #9

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    862
    Thank Post
    192
    Thanked 72 Times in 67 Posts
    Rep Power
    50
    Shared folders are different than OU's, you apply Group Policies to OU's.

    What server OS have you got. With AD you can basically create a OU tree structure for Users and Computers i.e. An OU in the Tree for Workstations then OU's within that for Different Buildings, Departments etc. (you can group machines together for printer deployment, application distribution, or specific security requirements) it depends on your network structure, physical layout, requirements etc.

  13. 2 Thanks to Davit2005:

    andyturpie (18th June 2012), Gongalong (18th June 2012)

  14. #10
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    921
    Thank Post
    837
    Thanked 20 Times in 18 Posts
    Rep Power
    11
    Sorry folks, I edited the above post while the replies came in.

    ricki: A shared folder is not an OU, as per Davit2005's post. Part of the confusion here, for me at least.

    Davit2005: Server 2008 R2 (I did post in the correct forum, honest! )

    Perhaps this is a discussion point, but is the recommended approach to use OUs for organisation of users and PCs, particularly where GPs need to be applied? I've inherited this AD, and it's been setup with shared folders (essentially using the default folders for the most part).

  15. #11
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,258
    Thank Post
    218
    Thanked 232 Times in 200 Posts
    Rep Power
    74
    Yes, you should be putting users and computers into OU's in some kind of order that mirrors how you want your network to run. You can then apply group policies to these OU's.

    Example, we have 2 main OU's, one called Network Users, One called Network Machines. All user accounts go in one, computers in the other. Each main OU contains sub OU's such as Admins, Staff, Students. Divide the user accounts across these folders and you can then apply different settings based on what kind of user you have.

  16. Thanks to themightymrp from:

    Gongalong (18th June 2012)

SHARE:
+ Post New Thread

Similar Threads

  1. Cheeky GPO Question
    By garethedmondson in forum Windows 7
    Replies: 2
    Last Post: 4th May 2010, 09:03 PM
  2. GPO question
    By Newton in forum Windows
    Replies: 10
    Last Post: 15th July 2008, 10:44 PM
  3. WSUS - small question regarding GPO's
    By DanW in forum Windows
    Replies: 4
    Last Post: 10th April 2008, 02:12 PM
  4. daft sims question of the day
    By Uraken in forum MIS Systems
    Replies: 4
    Last Post: 18th October 2007, 01:15 PM
  5. Question about GPO settings on IE
    By Kyle in forum Windows
    Replies: 4
    Last Post: 9th March 2006, 11:26 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •