Re: Group Policy Question

Stosti,

Bad choice for an example. You can have only one password policy per
domain. You can not have a different password policy linked to each OU.
This will not have the desired effect.

Now, why did I write my response this way? Because you very much can have
a password GPO and link it to each OU. However, it will not affect any
domain user account objects that might be located in that OU. These user
account objects are under the Scope of Management of the password policy set
at the Domain level. What will fall under the Scope of Management of the
OU-linked password policies would be any local user accounts of any
computers that might also be located in these OUs. And, we are probably not
interested in something like this. Users generally do not have local user
accounts (meaning, local in the computer....they have the domain user
account objects).

If you want to have different OUs and place the desired user account objects
in the appropriate OU in your new OU structure you can simply create and
link the desired GPO to the correct OU.

How do you create a GPO and link it to an OU? There are basically two tools
for this: the ADUC and the GPMC. If you are using the ADUC MMC (Active
Directory Users and Computers) then you simply right click the OU in
question, select properties and then go to the Group Policy tab. There you
would click on new, give it a name (or, a Friendly Name in gpoesse) and you
have just created the GPO and linked it to that OU. Huh? But there is
nothing there. Correct, but you have created and linked. Now you need to
edit! So, click on the edit button and do your thing. Once you have done
this for this OU you would repeat the process for each OU.

I might suggest that you check out the GPMC. It is a really neat tool.
There are lots of articles on this. Please note that once you install the
GPMC you will not be able to use ADUC for purposes of creating/editing GPOs.
The GPMC takes that role over for good once installed.

Now, please understand that when you create and link the GPO that you have
performed two separate functions. You have created the GPO and then linked
it to the desired OU. That GPO exists in Active Directory. You can use
that same GPO and link it to several OUs.

Does this help you?

--
Cary W. Shultz
Roanoke, VA 24012

"stosti" <stosti@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C5B0F3B7-20A8-4F01-A57B-4B5881672B6A@xxxxxxxxxxxxxxxx
> Today I have a default group policy for all of my users. I created a
> different O.U. for each department. Now I would like a different group
> policy per O.U. Do you have instructions for doing this?
>
> Example I will set a different password policy per OU.
>
> Thanks,
> Scott


.