+ Post New Thread
Results 1 to 11 of 11
Windows Server 2008 R2 Thread, Daft GPO Question in Technical; Hi folks, Am I right in thinking that OUs within group policies are completely separate from OUs within AD? If ...
  1. #1
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    825
    Thank Post
    721
    Thanked 14 Times in 13 Posts
    Rep Power
    9

    Question Daft GPO Question

    Hi folks,

    Am I right in thinking that OUs within group policies are completely separate from OUs within AD?

    If so, why create OUs within the GP editor?

    And how do OUs within the GP editor affect the priority in which GPOs are applied?

    Sorry, I'm confused!

    TIA

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,387
    Thank Post
    797
    Thanked 1,585 Times in 1,388 Posts
    Blog Entries
    10
    Rep Power
    427
    1. They are the same
    2. N/A
    3. The lower down the OU the higher priority will the setting be. If you set enabled on a setting in an ou but on the same setting on a sub ou you selected disabled it will apply the sub ou settings.

  3. Thanks to FN-GM from:

    Gongalong (16th June 2012)

  4. #3
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    825
    Thank Post
    721
    Thanked 14 Times in 13 Posts
    Rep Power
    9
    Am I going mad though, because there are no OUs in the GPM by default. Certainly none that mirror those in the AD.

  5. #4

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    12,964
    Thank Post
    586
    Thanked 1,494 Times in 1,340 Posts
    Rep Power
    397
    If you create an OU in ADUC then it will be available to apply GPO to in GPMC.

    You may be confusing an OU with a regular container.

    What is the difference between a Container and an OU in Active Directory? - Yahoo! Answers

    Ben

  6. Thanks to plexer from:

    Gongalong (16th June 2012)

  7. #5
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    825
    Thank Post
    721
    Thanked 14 Times in 13 Posts
    Rep Power
    9
    Ahhh, I inherited this system (already mostly setup), and my server knowledge is a bit rusty. I had assumed that if a container was created within AD it was essentially an OU by default.

    Presumably everything within AD is a container then, because nothing is replicated in GPM.

  8. #6
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    825
    Thank Post
    721
    Thanked 14 Times in 13 Posts
    Rep Power
    9
    Is this the only reason to create an OU, instead of a container? i.e. for use with GPM.

  9. #7
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    825
    Thank Post
    721
    Thanked 14 Times in 13 Posts
    Rep Power
    9
    Presumably a container is described as a "shared folder" in AD?

    Would there be any dangers of taking users/computers from shared folders and putting them into OUs to then organise GPM "properly"?

    Is using OUs and GPMs the recommended way to go with respect to applying policies to groups of users? (I've been using security groups)
    Last edited by Gongalong; 18th June 2012 at 09:51 AM.

  10. #8
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,466
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    51
    A folder in active directory in users and computers is called a OU.

    Group policies are placed in ou's to apply settings to the objects in the ou. This might be computer or users.

    Richard

  11. 2 Thanks to ricki:

    andyturpie (18th June 2012), Gongalong (18th June 2012)

  12. #9

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    671
    Thank Post
    155
    Thanked 51 Times in 49 Posts
    Rep Power
    33
    Shared folders are different than OU's, you apply Group Policies to OU's.

    What server OS have you got. With AD you can basically create a OU tree structure for Users and Computers i.e. An OU in the Tree for Workstations then OU's within that for Different Buildings, Departments etc. (you can group machines together for printer deployment, application distribution, or specific security requirements) it depends on your network structure, physical layout, requirements etc.

  13. 2 Thanks to Davit2005:

    andyturpie (18th June 2012), Gongalong (18th June 2012)

  14. #10
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    825
    Thank Post
    721
    Thanked 14 Times in 13 Posts
    Rep Power
    9
    Sorry folks, I edited the above post while the replies came in.

    ricki: A shared folder is not an OU, as per Davit2005's post. Part of the confusion here, for me at least.

    Davit2005: Server 2008 R2 (I did post in the correct forum, honest! )

    Perhaps this is a discussion point, but is the recommended approach to use OUs for organisation of users and PCs, particularly where GPs need to be applied? I've inherited this AD, and it's been setup with shared folders (essentially using the default folders for the most part).

  15. #11
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    941
    Thank Post
    177
    Thanked 179 Times in 154 Posts
    Rep Power
    43
    Yes, you should be putting users and computers into OU's in some kind of order that mirrors how you want your network to run. You can then apply group policies to these OU's.

    Example, we have 2 main OU's, one called Network Users, One called Network Machines. All user accounts go in one, computers in the other. Each main OU contains sub OU's such as Admins, Staff, Students. Divide the user accounts across these folders and you can then apply different settings based on what kind of user you have.

  16. Thanks to themightymrp from:

    Gongalong (18th June 2012)

SHARE:
+ Post New Thread

Similar Threads

  1. Cheeky GPO Question
    By garethedmondson in forum Windows 7
    Replies: 2
    Last Post: 4th May 2010, 09:03 PM
  2. GPO question
    By Newton in forum Windows
    Replies: 10
    Last Post: 15th July 2008, 10:44 PM
  3. WSUS - small question regarding GPO's
    By DanW in forum Windows
    Replies: 4
    Last Post: 10th April 2008, 02:12 PM
  4. daft sims question of the day
    By Uraken in forum MIS Systems
    Replies: 4
    Last Post: 18th October 2007, 01:15 PM
  5. Question about GPO settings on IE
    By Kyle in forum Windows
    Replies: 4
    Last Post: 9th March 2006, 11:26 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •