Re: AD reorganization

From: "Florian Frommherz [MVP]" <florian@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 14 May 2008 09:24:07 +0200

Howdie!

skip schrieb:

We are running in a native Windows 2003 AD domain, we will be renaming OU's and moving users around to differnet OU's. A concern has come up that moving users or renaming an OU might cause issues with users trying to log onto the domain, or cause issues with accessing data on file servers. Another qestion i have is if i move a group of users from one OU that has a gpo attached to it and the GPO maps a drive or a printer, when the account gets moved to the target OU and that target OU has gpo that also maps a drive and printer, then what will happen to the old settings that got applied? Our setup is pretty basic all user accounts live in the same domain.

While moving the users from one OU to another, there shouldn't be any complications for them to login. The movement process for a unique user account is pretty fast.

Regarding your GPO question: the new GPOs will be applied during background refresh. Depending on the Client Side Extension (CSE) that is responsible for the specific policy setting you make, changes get reflected right away (after background refresh of the policy) others need a reboot/re-login to get applied - such as scripts.

So for your printer and drive mapping scripts -- people will have to log off and log back in to get the new drives and printers applied. But once they've moved from one OU to another and you gave them some time to re-apply Group Policy (~2 hours by default is enough), everything should run smoothly.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Use a newsreader! http://www.frickelsoft.net/news.html
.

References:
- AD reorganization
  - From: skip

Prev by Date: Re: AD GPOs, machine accounts and Desktop/Start menu icons
Next by Date: RE: Change address in AD
Previous by thread: AD reorganization
Next by thread: Use of displayNamePrintable and/or adminDisplayName
Index(es):
- Date
- Thread

Relevant Pages

Re: Group Policy Question in TS Environment
... What you can do is create a TS GPO which does allow them access to ... all drives, and configure this GPO with "loopback processing" and ... place the Terminal Server in a separate OU ... > I've created a Group Policy Opject that properly restricts ...
(microsoft.public.windows.terminal_services)
Local Drives
... I want to block local drives with group policy. ... a way to block these drives with my GPO? ...
(microsoft.public.win2000.group_policy)
Re: Using Group Policy to give install permission
... Group Policy is simply (well, ... Active Directory there is only one Organizational Unit: ... Your user account objects or computer account objects must directly reside ... in the Organizational Unit to which you linked the GPO. ...
(microsoft.public.win2000.group_policy)
Re: Terminal Server GPO Issue
... The name of the OU where the GPOs should not be applied is: Citrix XP ... They both sit at the same level under an OU called Servers. ... Microsoft Windows Operating System Group Policy Result tool v2.0 ... Sharepoint Auth GPO ...
(microsoft.public.windows.server.active_directory)
Re: policy for only two computers
... a setting in a Domain-linked GPO then the setting in the Domain-linked GPO ... what happens if there are conflicting settings at the same level? ... go to the Group Policy tab and click on the New... ... the Computer Configuration half and the User Configuration ...
(microsoft.public.win2000.group_policy)