Rearranging OU structure within a single domain?

[windowsname]

We would like to rearrange our OUs into a hieractical structure that
better reflects the structure of the company and departments within as
well as better organize the GPOs that are now mostly all at the root
of the domain with security filtering used to control who gets what
GPO.

To do this, we would need to create some new OUs and put some of these
new OUs above existing OUs, but the existing OUs are already near the
root of the domain. Some othe existing OUs will need to be renamed
with more logical names.

What problems can be expected renaming and moving OUs around and what
are the best ways to avoid these problems?

 

[Herb Martin]

We would like to rearrange our OUs into a hieractical structure that
better reflects the structure of the company and departments within as
well as better organize the GPOs that are now mostly all at the root
of the domain with security filtering used to control who gets what
GPO.

The (best) reasons for a particular OU structure are these:

1) GPO linking strategy

2) Delegation authority strategy

The relationship to the coporate structure should be accidental except as
it reflects the two items above, as yours does for GPOs (at least.)

To do this, we would need to create some new OUs and put some of these
new OUs above existing OUs, but the existing OUs are already near the
root of the domain. Some othe existing OUs will need to be renamed
with more logical names.

What problems can be expected renaming and moving OUs around and what
are the best ways to avoid these problems?

Probably easiest to just create the NEW structure and move the
users/computers
since they move from OU to OU with no trouble what so ever.

 

[Richard Mueller [MVP]]

The (best) reasons for a particular OU structure are these:

1) GPO linking strategy

2) Delegation authority strategy

The relationship to the coporate structure should be accidental except as
it reflects the two items above, as yours does for GPOs (at least.)


Probably easiest to just create the NEW structure and move the
users/computers
since they move from OU to OU with no trouble what so ever.

I see no problems renaming OU's or moving users from one OU to another. The
only issue is the GPO's defined for each.

 

[Paul Bergson [MVP-DS]]

The only thing I can think of that could be a issue is if you have hard
coded distinguished names defined in scripts or applications that need to
gain access to an object within the domain itself. Moving objects and their
containers (OU's) should have no effect other than described above.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Jorge de Almeida Pinto [MVP - DS]]

We would like to rearrange our OUs into a hieractical structure that

better reflects the structure of the company and departments within as

be aware that the OU structure is a structure that should be created of how
you manage the company and NOT how the company is setup
(of course it may look like the org structure, but it should not be the
start of it)

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx