Moving machines from one OU to another

Now that we have created some new OUs, what about placing objects inside of these OUs? Every domain user account that you have, as well as every device that is joined to your domain, has an object inside Active Directory that has a home somewhere. In well-organized directories, that home is probably in an appropriately named OU. If you run IT for a company and this is the first time you are learning about OUs, then at this point in time it is likely that all of your computer objects are sitting inside the default Computers container, which as we just learned is not an OU at all.

Moving objects from one location to another inside Active Directory is quite simple, and is best accomplished from inside ADUC. As you can see in the following, my LAPTOP1 computer object currently resides inside the Accounting OU. I have recently created more specific nested OUs called Accounting Users and Accounting Computers, and I am now interested in moving LAPTOP1 into the more specific OU that is called Accounting Computers. Right-click on the LAPTOP1 object itself, click Move..., and then simply choose the new OU where you would like LAPTOP1 to reside:

What is extremely important to note here is that this move from Accounting to Accounting Computers will result in some changes on my LAPTOP1 workstation. While we have no indication of these changes inside ADUC, we are actually changing which GPOs are going to be applied to LAPTOP1 when we make this transition. By heading back into GPMC, you can see that my Set Desktop Wallpaper to Orange 2 GPO is linked at the Accounting OU, and so that GPO was applying to LAPTOP1 previously. Now that we have moved LAPTOP1 into the Accounting Computers OU, you can see that the Set Desktop Wallpaper to Blue 1 GPO is going to start applying to my workstation, because it is linked specifically to the Accounting Computers OU where LAPTOP1 now resides:

You can see how administering Group Policy and administering Active Directory are inseparable functions. While we sometimes need to utilize a combination of both the GPMC and ADUC consoles, it is critically important to always be comparing changes side by side in both consoles so that you can fully understand the implications of the changes you are making. One simple move of a computer object from one OU to another could completely alter the policy settings that it is receiving.

After moving a computer object from one OU to another, it is important to reboot that computer before you can expect the move to be recognized and the new policy settings to be applied.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.144.224.32